User deletion/GDPR deletion process

Currently there are two ways to delete users from the system:

  1. via API, with a single API call for each user or bulk processing with up to 1000 users per API call (see User Management API 1.0 under “User profile management”)
  2. manual GDPR-deletion process, managed by ActivatePro

Deleting via API

Deleting users via API removes any connection to the active system, so they can no longer be found directly in the frontend/UI and are no longer part of any segments.

However, some data will remain in background systems for a certain amount of time until it is completely deleted automatically, which currently happens around 14 days after the initial deletion request.

Depending on your workflows and the time that has passed, this method might not be considered completely GDPR-compliant until the time is up and the remaining data is deleted.

"GDPR" deletion process

There are some cases when deleting via API is not feasible, e.g.:

  • if the deletion must be done very soon
  • if the requesting person has no capability or resources to use the API
  • if the data is too big to manage manually via API

In these cases you can create a support ticket and our Customer Experience team will handle the request.

The ticket should contain:

  • the company account number or exact account name
  • a list (for a small number of users) or a CSV file with one of the 3 unique identifiers of the users (user XNGid, external Id or Emails+businessUnit)
  • or a segment id that can be used instead (if possible, not bigger than 50k users)

We have internal resources where we can upload users in bulk for hard deletion, which drops all data for these users. We can upload up to 10k users per request to the workflow that deletes the users automatically; this workflow runs once a day.

In some cases with a very high number of users, it might take several workflow runs to process all users, which can take a few days in the worst-case scenario.