GDPR Data Erasure lets you request the removal of a specific person's personal data from Backstory under the GDPR Right to Erasure, also called the "Right to Be Forgotten." GDPR requires all data processors to offer this right, so Backstory investigates and removes the data subject's personal record information and activity data when you submit a verified request. This gives your organization a clear, timely way to meet its data privacy obligations.

These steps walk you through requesting erasure of a data subject's personal data. Backstory completes verified erasure requests within 5 to 7 business days.

The Data Protection Officer (DPO) is a formally designated party within your organization who is responsible for ensuring the organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

If you are unsure who your organization's Data Protection Officer is, try contacting members within the organization who hold titles or responsibilities related to data protection or privacy.

Here are some common examples of job titles that may hold this responsibility:

In many cases, the Data Protection Officer is not the main point of contact for the tactical, day-to-day requests concerning GDPR tasks. We understand that and are happy to work with additional delegated parties formally approved by the DPO in writing.

If you have one or more internal parties who should be able to submit GDPR investigation and erasure requests, please send an email to support@backstory.ai listing the contacts to be approved and copy the DPO on the thread to formally sign off.

For additional GDPR delegates, please provide the following:

You must remove and lock down the data subject's record in your CRM before submitting. If the CRM record is later updated, Backstory will re-import it.

Email support@backstory.ai to request the GDPR data erasure. Include the subject’s email address.

Who is allowed to submit a GDPR erasure request?

Only your organization's Data Protection Officer (DPO) or a formally approved delegate may submit requests. If you are unsure who your DPO is, look for someone in a role such as Director of Information Security, Chief Privacy Officer, or Director of Data Privacy.

What data does Backstory remove?

Backstory investigates and removes personal record information (name, email, title, work phone, and employer) and activity data (emails and meetings where the data subject is listed as a participant).

How long does an erasure request take?

Backstory completes verified erasure requests within 5 to 7 business days.

What happens if the data subject's record is updated in our CRM after erasure?

If any change is made to the data subject's CRM record, Backstory will re-import it. Because Backstory cannot retain a record of the erased subject, you will not be notified of the re-import, so it is critical to remove and lock down the CRM record beforehand.

Does Backstory support GDPR compliance beyond erasure requests?

Yes. Backstory's GDPR compliance program includes data encryption in transit and at rest, the right to data portability, pseudonymization of personal data, breach notification protocols, sensitive content filtering, and mandatory employee training on data protection.

Contact your Customer Success Manager or support@backstory.ai.