GDPR erasure requests - importing previously removed records

Is anyone else struggling to get their head around GDPR erasure requests?

Say someone requests to be erased from your systems. You follow the new legislation, process their request, and delete their data.

You then obtain a new database (either from a marketing tool, or via a third party), and import the data into your system. But, the list contained the details of the aforementioned individual.

Without having their details recorded somewhere, how would you know that they had previously requested to be removed, prior to importing them?

I know v8 will contain a Data Privacy Module, but I still don't see how we will get around the above problem. Has anyone else had any ideas about how to handle this, either in Sugar or outside Sugar?

Has anyone else thought about this?

  • Hi Philippa Grover 

    The emails are stored in the table email_addresses, which manage the email address it self and the information of invalid email and opted out.

    The table email_addr_bean_rel implements the relationship between a record (Account, Contact, Lead etc) against a speciffic email address.

    So lets suppose several differents records are related to the same email address which is set as opted out, it means all of these records will be marked as opted out for that same email address.

    So when you are going to import a third part database the SugarCRM application will double check if the given email address does exist and then it will assign that email address to the new record. Note that SugarCRM will not undo the opted out flag of such email on importing, this way if you try to send an email marketing campaign to a new record whose email address had been previously opted out the SugarCRM will refuse the send the message to that one.

    But if that new Person/Company has some other email addressed not opted out then he/she will be targeted without big deal.

    I hope I could answer your question.

    Kind regards

    André Lopes
    Lampada Global
    Skype: andre.lampada
  • Hello André Lopes,

    Many thanks for your reply.

    However, from what I understand, the new Data Privacy Module in v8 will contain an action to process erasure requests. From what I have seen of the new version, processing a request of this nature completely obliterates the record from Sugar - including removing it from the database.

    In current versions of Sugar, if you delete a record, it only removes it from the frontend; effectively, this is a soft delete. But, the new Data Privacy Module deletion does more than that, as it removes the record in full.

    Am I correct in my understanding of this new feature?

    Also, from what you're suggesting, we will have to remember to click "Opt Out" on the contact's email address before we process their erasure request. This is prone to human error, and I can foresee my clients not doing this. Also, this means that the email address will remain in the system, which I do not believe is compliant with GDPR.

    Please correct me if I have misunderstood the new features of this module, as there is so much going on around GDPR that it is easy to get lost!

    Thank you,

    Philippa

  • The way erasure requests will work in Sugar is a bit different than delete. A data privacy manager will be able to select specific personal fields for erasure. What then happens is that the value of those personal fields is erased. On the front end, you will see "Value Erased".  The record itself is not removed, so that we can retain relationships with other records such as calls, meetings, tasks etc. 

    If an email is marked for erasure, then the email value is also erased from the table. 

    If that email address comes in again as a new lead or contact, then the new email will be created as a new record. There is no mechanism to tie in the new incoming email address to the previously held email address, because the previous email record was permanently erased. 

    Hope that helps. 

    Deepak Deolalikar

    Senior Director Product Management

  • Hi Deepak,

    Many thanks for getting back to me. I understand what you're referring to with regard to erasing content from fields which have been marked as PII.

    To be clear, are you saying that processing an Erasure Request does not result in a deletion of a record, but rather it displays "Value Erased" within the fields. If this is the case, how can we identify who the person is, because presumably their name will display "Value Erased" as a name constitutes PII.

    Your note refers to an email being marked for erasure - do you mean an email record, or an email address? Our issue is with email addresses. Apologies, I just want to ensure I understand you correctly.

    If I undertstand you correctly, the processing of an Erasure Request will erase the subject's email address from the table - is that correct? If this is the case, isn't this a problem for importing new records for previously-forgotten subjects? If the email address of a subject is erased as part of processing an Erasure Request and it is deleted from the tables, how is it possible to identify this person as having previously been forgotten?

    Many thanks,

    Philippa

  • Philippa Grover

    Erasure will remove the values from the personal information fields. The record itself will not be deleted. That way we can keep the integrity of relationship with other modules like calls, opportunities, accounts etc. 

    Once erased, the front end view will display "Value Erased" for the fields that were marked for erasure. There will no way to determine the name of the person from the record, since they had requested to be forgotten. 

    Regarding email, I was referring to the email address (not email record). Erasure of email address will remove the email address from the table. If after the erasure, you try to create a new record with the same email address either manually or via an import, then the system has no way knowing that the email address was in fact erased earlier. The previous email does not exist in the system any more. 

    Also, it is assumed that you will be getting consent for new email address, and hence the new emails can be treated as legitimate. 

    Hope that helps. 

    Deepak Deolalikar

    Senior Director Product Management

  • Here's my understanding:

    If I ask you to REMOVE my data, you have to remove it completely, you will have no reference whatsoever to whether I ever existed in your system or asked you to delete me. I become a total stranger.

    Now, if you get my name from a list, the provider of the list also has to provide you with MY EXPLICIT CONSENT for the data contained in the list to be gathered for the PURPOSE of SHARING it with you (Opt-In Policy). Therefore you have EXPLICIT consent FROM ME (via the company who provided you the list) to use that data and you can add me.

    If you don't have that documented consent you can't add me to your system. The default is DENIAL of consent.

    In other words, you should NEVER AGAIN get just a list of random people that you bought or otherwise obtain without the explicit approval of the people whose information is contained in that list.

    Makes sense?
    FrancescaS

  • Your understanding is correct. If you don't have explicit consent, data should not be entered or imported into Sugar (or any other systems). If you have the necessary consent, you can record it in the respective module. We have added some fields to record consent, which can be customized as per the controller's processes. 

    The only reason you would ever import without someone's consent is if there is a valid business legitimate reason, otherwise you need explicit consent. Customers who are processing data should consult with their legal counsel to determine lawful basis of the data they process. 

    Deepak Deolalikar

    Senior Director Product Management

  • Hello everyone, 

    This question is being moved to a new community space, Enterprise & Professional. Please direct any additional feedback and questions about data privacy to that space, and be sure to follow it as well so you can stay informed on any new content that is communicated out from SugarCRM regarding data privacy. We will be adding additional information to that space shortly as it becomes available!

    -Alex