Export deletion protocol / deletion log for deleted records
According to GDPR, companies are required to delete contacts whose data they don't need anymore. (right to be forgotten)
"An individual has the right to have their personal data erased if: The personal data is no longer necessary for the purpose an organization originally collected or processed it." https://gdpr.eu/right-to-be-forgotten/
Most companies are thus required to keep a log of their deletion activity. Currently, it is not possible to generate a log / protocol of the regular deletion of contacts.
Of course it's possible to work around that by creating a list of records one is about to delete, export them, remove all information but the record ID (to have an anonymized log of how many records were deleted), save the list of IDs as an unchangeable file (e.g. PDF) along with the note of which type of record was deleted and why.
Typically, data privacy officers strongly suggest that this should be a routine activity that should happen monthly, bi-monthly or even weekly. In light of that, it would be great if HubSpot offered this log out of the box.
Or in other words: As far as my legal understanding goes, all European HubSpot customers are required to do this once per month.
Requirements:
Unchangeable file (PDF)
Contains type and list of IDs of record deleted
Contains name of user who performs the deletion
Works for regular deletion as well as GDPR delete
Allows for adding a note / context to the PDF file
Suggestion of creating a log pops up whenever records are deleted in bulk
Thanks in advance for reviewing!
--
While writing this request, I am aware of recent product updates, such as:
Audit log of users security actions in-app
Updates to deleting a contact
Get email confirmation when deleting contacts
However, these are either referring to single deletions or GDPR deletions, unless I'm missing something.
I'm lucky I don't have to worry much about GDPR, but I'm sure that's changing as the US catches up (slowly). Plus, this just sounds like good stewardship of data. +1 from me.
It is something I hear quite often from folx across the pond, @danmoyle
One thing that was pointed out to me a while ago, which might put a bumper in that sort of "exemption thinking" - GDPR protects the personal data of European Union (EU) citizens, regardless of where they reside. Hence me always arguing to be GDPR compliant, no matter where you do business.
I frequently hear this from people overseas, @danmoyle.
A crucial point brought to my attention is that GDPR safeguards the personal data of European Union (EU) citizens, irrespective of their location. This underscores the importance of maintaining GDPR compliance, regardless of your business's geographic scope. For more info visit this link.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.