Erasing a contact's personal data

Staff users can request that a contact be marked for erasure and the contact's personal data be removed from the system; system administrators can then approve or reject this request. Personal data is categorized as any information that can be used to identify an individual. For example, names, addresses, email addresses, phone numbers and license numbers are considered personal data. This information can be used on its own, or in conjunction with other information to identify the individual.

When a contact is marked for erasure, the contact receives a nightly email notifying them that their personal data is about to be erased. See Contact erasure request confirmation for more information on the Process Automation task that sends out the notifications. System administrators are also sent a nightly email that details the contacts who have been marked for erasure, and the number of outstanding erasure requests that currently exist (Contact erasure requests - Update email task).

Contacts marked for erasure are deleted after the period defined in the Contact erasure task. The default period is seven days. This means that contacts who have requested to be erased have seven days from the time their information is marked for erasure to rescind their erasure request. If no cancellation request is made the erasure is processed.

When an erasure is processed, it removes the contact's personal data, but elements of the contact's activity remains. For instance, orders, CEU credits, Giving history, and event registrations will remain in the database, however this information will not be connected to the erased contact. Contacts marked for erasure are also still searchable in the organization's directory up until the erasure task runs. If you wish to completely remove a contact from your database, see Marking a contact for deletion.

Warning! Any contact record that is erased cannot be undone. Be sure you want to erase this information before you mark the contact record for erasure.

From the Edit window of the Contact Mini Profile on the account page, staff and system administrators can access the Erase this contact section to initiate the erasure process. This section will not display if the Contact setting Allow users to request the erasure of contact information is disabled. Review the general section of the Contact setting documentation for more information on this setting.

Note: Personal data stored in dynamic panels is not removed by this erasure process. Staff must manually remove any personal data stored in this manner.
Additionally, custom contact queries should be modified to ensure that only active contacts are displayed in the results.

Requesting contact erasure - Staff (non-SysAdmin)

Staff (non-SysAdmin) can request a contact erasure, but not complete the process. This request is approved or denied by a system administrator. To send a contact erasure request do the following:

  1. From the Staff site, access the contact's account page.
  2. Click the edit button on the Contact Mini Profile.
  3. Scroll to the bottom of the Edit window and click the Request contact erasure button.
  4. When prompted, enter the Contact ID (required). A note can also be added to the request.

    5. Warning! Do not enter any personal data in the note field, for instance, names. This is especially important for organizations with EU ties, as this violates the General Data Protection Requirement. Review the GDPR guidelines documentation for more information.

  5. Click I understand, erase this contact to submit the erasure request.
    A message will display at the top of the contact's profile page that the request was submitted. If you wish to view or cancel the request, click the link in the message.

Erasing a contact - SysAdmin

System administrators can delete a contact's personal data from the system. Sysadmins can respond to an erase request made by a non-sysadmin staff user or initiate the erasure themselves.

Contact erasure requests are displayed on the Community dashboard (See Contact erasure request alert). The View all link opens the Contact erasure requests log. This log shows a list of all pending erasures and erasure requests.

If you are a sysadmin and want to initiate a contact erasure, use the following steps:

  1. From the Staff site, locate the contact's account page.
  2. Click the edit button on the Contact Mini Profile.
  3. Scroll to the bottom of the Edit window and click the Erase this contact button.
  4. When prompted, enter the Contact ID (required) and add a note if you wish.

    5. Warning! Do not enter any personal data in the note field, for instance, names. This is especially important for organizations with EU ties, as this violates the General Data Protection Requirement. Review the GDPR guidelines documentation for more information.

  5. Click I understand, erase this contact to proceed.
  6. The contact's account is now Marked for erasure.
    A message will display at the top of the contact's profile page that the account is Marked for erasure. If you wish to view or cancel the request, click the link in the message.