Frequently Asked Questions about GDPR Delete of Identity Data in SAS C...

pbandal · Posted 05-23-2023 06:30 AM

General Data Protection Regulation (GDPR) is a data privacy regulation that enables individuals to have more control over how organizations use their data. The “Right to be Forgotten” is a regulation that enables individuals to request that an organization delete any data about them. This means that the identities that are deleted using the GDPR delete request cannot be restored again.

This is article 5 in the GDPR delete of Identity data in SAS^® Customer Intelligence 360 series, which covers the frequently asked questions on GDPR Delete of Identity Data. Here is the list of questions with links to their answers:

When I delete the customer_id or subject_id using a GDPR (General Data Protection Regulation) delete...

If I deleted the identity data (e.g., subject_id) by mistake while working on the GDPR delete API, i...

Is it sufficient to check the number of records in the UDM table identity_attributes to verify how m...

How can I verify whether identity data was deleted using the GDPR delete process?

How do you check the total processing time taken for the GDPR delete request?
What are the identity types that can be deleted using a GDPR delete request?

When I delete the customer_id or subject_id using a GDPR (General Data Protection Regulation) delete request and reimport the same IDs again in SAS^® Customer Intelligence 360, will these IDs be associated with old datahub_ids or will new datahub_ids be created?

The datahub_id is a Universally Unique Identifier (UUID). Hence, there is no chance that the datahub_id of a deleted user might be reused later.

If I deleted the identity data (e.g., subject_id) by mistake while working on the GDPR delete API, is there any functionality in SAS Customer Intelligence 360 where I can restore it?

The subject IDs cannot be restored once they are deleted using the GDPR delete API. You must upload the subject IDs again. The reason for this behavior is because the cloud does not store data about deleted identity data records. GDPR is an EU regulation that allows customers to be forgotten, and the software ensures that the subject IDs are completely forgotten, so that they cannot be restored.

Is it sufficient to check the number of records in the UDM table identity_attributes to verify how many subject IDs are still active in the cloud?

Yes, you can get the active subject IDs detail from the UDM identity_attributes data set.

How can I verify whether identity data was deleted using the GDPR delete process?

There are two ways to verify:

Use the SAS Customer Intelligence 360 Download API to download the identity data files to verify whether identities are being deleted. If they still appear in the IDENTITY_ATTRIBUTES table, it means that the data is not being deleted.
Go to the Diagnostics tool in General Settings à Content Delivery à Diagnostics, search for the subject_id, and make sure that they are removed from the system. Refer to the screenshot below:

How do you check the total processing time taken for the GDPR delete request?

You can see how long it takes by calculating the time between Start Time and End Time of imports under General Settings à Table Management à GDPR delete table à Import History:

What are the identity types that can be deleted using a GDPR delete request?

A GDPR delete request works only with three identity types: customer_id, subject_id, and login_id. These three identity types are considered strong identifiers for an individual. It does not work with device_id or visitor_id.

For additional help, contact SAS Technical Support by creating a track with the Contact Support option in the SAS Customer Intelligence 360 UI.

Related Article Links:

Create Data Descriptor of Type DELETELIST

GDPR Delete of Identity Data Using the SAS® Customer Intelligence 360 UI

GDPR Delete of Identity Data Using the REST API

Performance and Limitations of GDPR Delete Requests