NOTE: This documentation references many concepts addressed in the glossary of terms. Please visit this page before you continue.
In accordance with consumers' right to be forgotten (RTBF), you can delete consumer's personal data when it’s necessary to comply with various data protection and privacy regulations. We give you the tools to request data deletion via API or directly through the admin UI within the Salesforce DMP. That way, you can determine a plan of action for complying with the regulations that apply to you.
Many data protection and privacy regulations can require you to delete consumers’ personal data when consumers request it, or when it’s no longer necessary to keep it. If you have consumers or users who want the data that you’ve collected on them deleted, review these procedures.
Requesting Data Deletion via API
Reference technical API documentation for details on requesting deletes via API.
consent:remove method can be called to initiate a RTBF (request to be forgotten) request for a data subject. The function call should be executed as follows, with optional
Krux('ns:mynamespace', 'consent:remove', parameters, callback);
Requesting Data Deletion in the DMP
Follow these steps to request data deletion for a user.
- Click the Consumer Rights Management tile
- Click Raise a new request and select Right to be forgotten request
- Select the user identification type for your request
- List a single ID or set of IDs in the text box
- For multiple IDs, input one ID per row
- Enter the applicable user identifiers
- Click Submit
Requesting Data Deletion via File
If you choose not to integrate via other supported methods, you can request to have a RTBF pipeline set up for you. All requests collected through files process daily, so the system will not register the request until after daily jobs have processed.
RTBF requests through FILE do work, but if you need a confirmation of deletion (which could take up to 90 days from the moment of logging the request) then it's better to use API instead because FILE method will not give confirmation of deletion.
Please upload files to the following location:
Bridge Key Format:
Note: For the
remove action, policy regime (pr), flags, and timestamp (ts) are optional. For more detail on the consent flags format, please refer to Consent Flags section of the DMP Consumer Rights Management Concepts and Glossary document.
Examples of valid records for data deletion requests:
Regardless of whether or not you submit data for the optional policy regime or timestamp, include all of the delimiters. Data will not process without all delimiters.
The DMP supports gzip and lzo compression types, but recommends lzo with an lzo index file. If you choose to use gzip, the maximum supported size is 1GB per file submitted. Alternatively, the DMP does support plain text files.
Data Deletion Impact
After you request that data be deleted for a given user, we delete all data from the DMP that is tied to the identifier you submitted. This happens within 90 days of the initial request. Deleted data includes, but is not limited to:
- Ad Impressions
- User's Page Views
- User Attributes
We don't immediately delete this data due to potential audit requirements.
Once the data deletion is complete, we will drop a SUCCESS file on the following location:
We don't delete consent logs even if the user opted out or invoked their right to be forgotten. These logs are required to prove our decision making related to various consent, opt-in, and opt-out behavior.
KUID and BK Relationships (user match)
These data are required to show that when device data was deleted based on a bridge key input, we executed those changes against all devices known to be associated with that bridge key.