GDPR and CCPA requests
In line with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), you may receive requests from your customers to have their data removed from all systems and records you have access to. As Lexer is committed to achieving and maintaining the trust of our clients, we have processes in place — discussed in this article — for when you have a GDPR or CCPA request from a customer.
What is the “right to be forgotten”?
If you’re already familiar with the GDPR/CCPA standards feel free to skip this paragraph, but for everyone else, GDPR/CCPA refers to a set of data protection and privacy laws that came into effect in 2018.
In short, GDPR and CCPA have requirements that allow consumers to be “forgotten”. What this means is that consumers can remove permission from businesses to use their data. If you would like to learn more, you can read about it here.
How to submit GDPR/CCPA requests on behalf of customers
When you have a GDPR or CCPA request from a customer, follow these steps to process a deletion request with Lexer:
- Email privacy@lexer.io and CC your Lexer Success Manager. In the email, confirm the customer’s identity details (email, customer ID) that you would like us to delete from the Lexer CDP. Please note that Lexer’s approach to actioning requests to delete customer data is currently to remove exact matches only. If you would like us to attempt to expand our search to include “sibling” or “alias” accounts to the one provided, you will need to state this explicitly. For example: If you ask us to remove john.doe@xyz.com, we will remove only that exact profile. If you choose to expand your instructions to include other aliases, we will act on these instructions, but we do not accept any liability arising from deletion of these accounts.
- Lexer will respond, confirming receipt of this request.
- Lexer will delete all information from your CDP that relates to this customer.
- Lexer will respond, confirming that the request has been completed. We maintain a 7-day SLA for all GDPR/CCPA deletion requests.
Ensuring global privacy standards
Personal privacy is important and we here at Lexer are determined to ensure all global standards are met and our products and procedures comply with all data-related security regulations. We are committed to helping you with any and all GDPR/CCPA requests you receive, just follow the steps above and don’t hesitate to reach out to Lexer Support at support@lexer.io if you have any questions.