Details about this thread
  • State Not Answered
  • Replies 8 replies
  • Subscribers 291 subscribers
  • Views 1402 views
  • Users 0 members are here
Related content from around SugarClub

GDPR erasure requests - importing previously removed records

Philippa Grover

Is anyone else struggling to get their head around GDPR erasure requests?

Say someone requests to be erased from your systems. You follow the new legislation, process their request, and delete their data.

You then obtain a new database (either from a marketing tool, or via a third party), and import the data into your system. But, the list contained the details of the aforementioned individual.

Without having their details recorded somewhere, how would you know that they had previously requested to be removed, prior to importing them?

I know v8 will contain a Data Privacy Module, but I still don't see how we will get around the above problem. Has anyone else had any ideas about how to handle this, either in Sugar or outside Sugar?

Has anyone else thought about this?

Parents
  • 0

    Hi Philippa Grover 

    The emails are stored in the table email_addresses, which manage the email address it self and the information of invalid email and opted out.

    The table email_addr_bean_rel implements the relationship between a record (Account, Contact, Lead etc) against a speciffic email address.

    So lets suppose several differents records are related to the same email address which is set as opted out, it means all of these records will be marked as opted out for that same email address.

    So when you are going to import a third part database the SugarCRM application will double check if the given email address does exist and then it will assign that email address to the new record. Note that SugarCRM will not undo the opted out flag of such email on importing, this way if you try to send an email marketing campaign to a new record whose email address had been previously opted out the SugarCRM will refuse the send the message to that one.

    But if that new Person/Company has some other email addressed not opted out then he/she will be targeted without big deal.

    I hope I could answer your question.

    Kind regards

    André Lopes
    Lampada Global
    Skype: andre.lampada
Reply
  • 0

    Hi Philippa Grover 

    The emails are stored in the table email_addresses, which manage the email address it self and the information of invalid email and opted out.

    The table email_addr_bean_rel implements the relationship between a record (Account, Contact, Lead etc) against a speciffic email address.

    So lets suppose several differents records are related to the same email address which is set as opted out, it means all of these records will be marked as opted out for that same email address.

    So when you are going to import a third part database the SugarCRM application will double check if the given email address does exist and then it will assign that email address to the new record. Note that SugarCRM will not undo the opted out flag of such email on importing, this way if you try to send an email marketing campaign to a new record whose email address had been previously opted out the SugarCRM will refuse the send the message to that one.

    But if that new Person/Company has some other email addressed not opted out then he/she will be targeted without big deal.

    I hope I could answer your question.

    Kind regards

    André Lopes
    Lampada Global
    Skype: andre.lampada
Children
  • 0 in reply to André Lopes

    Hello André Lopes,

    Many thanks for your reply.

    However, from what I understand, the new Data Privacy Module in v8 will contain an action to process erasure requests. From what I have seen of the new version, processing a request of this nature completely obliterates the record from Sugar - including removing it from the database.

    In current versions of Sugar, if you delete a record, it only removes it from the frontend; effectively, this is a soft delete. But, the new Data Privacy Module deletion does more than that, as it removes the record in full.

    Am I correct in my understanding of this new feature?

    Also, from what you're suggesting, we will have to remember to click "Opt Out" on the contact's email address before we process their erasure request. This is prone to human error, and I can foresee my clients not doing this. Also, this means that the email address will remain in the system, which I do not believe is compliant with GDPR.

    Please correct me if I have misunderstood the new features of this module, as there is so much going on around GDPR that it is easy to get lost!

    Thank you,

    Philippa

  • 0 in reply to André Lopes

    The way erasure requests will work in Sugar is a bit different than delete. A data privacy manager will be able to select specific personal fields for erasure. What then happens is that the value of those personal fields is erased. On the front end, you will see "Value Erased".  The record itself is not removed, so that we can retain relationships with other records such as calls, meetings, tasks etc. 

    If an email is marked for erasure, then the email value is also erased from the table. 

    If that email address comes in again as a new lead or contact, then the new email will be created as a new record. There is no mechanism to tie in the new incoming email address to the previously held email address, because the previous email record was permanently erased. 

    Hope that helps. 

    Deepak Deolalikar

    Senior Director Product Management