Delete Entities by GDPR
Learn about General Data Protection Regulation (GDPR) compliance, including deleting consumer profiles and configuration.
GDPR Compliance Requirements in Reltio Platform
- All profile entity or entities.
- All losing entity or entities in the merge tree. For more information, see Merging Two Entities.
- All historical data.
objectUri references a removed entity. For those activity items, it removes the following fields:deltalabelobjectUri
The only exception is that objectUri is retained in items of type ENTITY_CREATED, ENTITY_REMOVED_GDPR, and RELATIONSHIP_REMOVED_GDPR.
As a result, if you search for activities using the URI of a removed entity, only creation and deletion events appear with no sensitive information included.
The task also removes the description field from any activity that contains sanitized items because it may include attribute values from the deleted entity.
Right to be Forgotten
With the Reltio Platform, you can flag entities, also known as Consumer Profiles, for deletion upon request from the consumer. This is a three-step process:
- Collect the consumer’s request in a rights management application and publish it to the Reltio Platform.
- The corresponding entities in Reltio are updated with the DeleteEntity flag.
- The Delete Entity job is executed through the Entity Delete API -
.POST {ApplicationURL}/api/{tenantId}/entityDelete
Configuration
To Delete Entities by GDPR:
- Contact your Reltio Support or the Customer Service Manager to have GDPR support enabled.
- Add an attribute with the name DeleteEntity. The attribute must be at the top level of attributes and be of type Boolean.
- Add the true value to the DeleteEntity attribute in entities that are marked for deletion. Note:
- If there are multiple values in the attribute, a defined OV strategy is used.
- If the OV strategy resolves both true and false as winners, the entity is not deleted.
- Schedule the Delete Entities by GDPR task for execution. Note: Stop and Pause are not supported.
Request
Schedules a Delete Entities by GDPR task for a single tenant. Tenant admin role is required.
POST {ApplicationURL}/api/{tenantId}/entityDelete| Name | Required | Description |
|---|---|---|
| tenantId | Yes | ID of the tenant to delete entities. |
| purgeActivityLog | No |
If false, all sensitive information in the Activity Log related to deleted entities won't be removed. Default value is true. |
| purgeLinkedHistory | No |
If true, all historic data of the entities marked for GDPR deletion is processed. For each historic entity its history (and activity log if the purgeActivityLog parameter is set to true) is purged of all crosswalks and associated data of the entity marked for GDPR deletion.
Note: If you turn on this parameter (set it to true), it can slow down the GDPR delete task since it must enumerate and possibly modify the entire history and activity log of every historic entity of the entity marked for GDPR deletion. Default value is false. |
| Time parameters | No | For the time parameters, see topic Configuration of Timelines for GDPR or CCPA Data. |