Performance and Limitations of GDPR Delete Requests

pbandal · Posted 05-23-2023 06:18 AM

General Data Protection Regulation (GDPR) is a data privacy regulation that enables individuals to have more control over how organizations use their data. The “Right to be Forgotten” is a regulation that enables individuals to request that an organization delete any data about them. This means that the identities that are deleted using the GDPR delete request cannot be restored again.

This is article 4 in the GDPR delete of Identity data in SAS^® Customer Intelligence 360 series, which covers the performance and limitations of GDPR delete requests. Here is a list of questions with links to their answers.

What is the maximum limit on identities that are deleted with the REST API and SAS Customer Intellig...
Can we submit multiple POST delete requests at a time?
What happens if we submit two delete requests at the same time?
What is the best approach for deleting identity data if we have multiple identity types in the syste...

What is the maximum limit on identities that are deleted with the REST API and SAS Customer Intelligence 360 UI (User Interface)?

If you use the POST method, there is a hard limit of 50,000.

If you use DELETELIST via the UI, you are not restricted in terms of the amount of data in your input file. However, there have been performance issues with large DELETELIST imports. The recommendation is to delete large amounts of data via several DELETELIST imports, each using 50,000 chunks of data.

Can we submit multiple POST delete requests at a time?

Only one delete POST request can be processed at a time. If you need to submit more than one request, the first request must be completed before any subsequent requests can be processed. Refer documentation to check the status of import request before sending the next request.

What happens if we submit two delete requests at the same time?

If you submit two requests at same time, the first request is processed and the second delete request fails to process with an error. You can only submit the second request after the first one has completed.

Here is an example in which the import request id 505b0284-46a0-4f18-a235-3adf7d5f363c fails with an error:

“Import request has been rejected, due to a conflicting, already running import with id 505b0284-46a0-4f18-a235-3adf7d5f363c”.

What is the best approach for deleting identity data if we have multiple identity types in the system?

When you have multiple identity types in the system, it is highly recommended to delete all of them even if it seems redundant. There are situations where only deleting by a single identity type might leave unwanted data behind.

For additional help, contact SAS Technical Support by creating a track with the Contact Support option in the SAS Customer Intelligence 360 UI.

Related Article Links:

Create Data Descriptor of Type DELETELIST

GDPR Delete of Identity Data Using the SAS® Customer Intelligence 360 UI

GDPR Delete of Identity Data Using the REST API

Frequently Asked Questions about GDPR Delete of Identity Data in SAS Customer Intelligence 360