Data Deletion Requests
Handling GDPR Article 17 "Right to Erasure" requests.
What is a Data Deletion Request?
Under GDPR, individuals can request deletion of their personal data. However, this right is not absolute and subject to exceptions.
When Deletion IS Permitted
- Data no longer necessary — Account inactive, no pending transactions
- Consent withdrawn — Member withdraws marketing consent
- Unlawful processing — Data collected without proper basis
- Legal obligation — Court order to delete
When Deletion is NOT Permitted
- Legal obligation — AML records must be retained (5-7 years)
- Legal claims — Data needed to establish, exercise, or defend claims
- Pending transactions — Financial records require retention
- Active investigation — Compliance or fraud investigation ongoing
- Tax records — Required for tax compliance
- Active Business License — Account with active license cannot be fully deleted
Request Handling Process
Step 1: Verify Identity
- Confirm requester's identity matches account holder
- Document verification method
- Check for power of attorney if third party
Step 2: Assess Eligibility
Check for blockers:
- Active Business License — Cannot delete until license expires/cancelled
- Pending withdrawal — Cannot delete until processed
- Ongoing investigation — Escalate to CIO immediately
- Outstanding balance — Cannot delete until resolved
- Transaction history < 7 years — Must retain for AML compliance
Step 3: Determine Scope
- Profile name/email — Partial (anonymize but retain record)
- Marketing preferences — Yes (full deletion)
- Transaction history — No (AML/tax retention)
- KYC documents — After retention period (regulatory requirement)
- Commission records — No (tax/AML retention)
- Support tickets — Yes (unless relevant to legal claim)
- Login history — After retention period (security requirement)
Step 4: Execute or Decline
If eligible:
- Anonymize personal identifiers
- Delete non-essential data
- Retain required records with minimized data
- Document what was deleted vs retained
If not eligible:
- Explain specific reasons for refusal
- Cite legal basis for retention
- Explain when deletion may become possible
- Inform of right to complain to data protection authority
Response Templates
Partial Deletion (Most Common)
"We have processed your deletion request dated [DATE].
Deleted: Marketing preferences, support tickets, profile photo
Retained (legal obligation): Transaction history, commission records, KYC verification records
These records are retained for [X] years to comply with anti-money laundering regulations and tax requirements. After this period, they will be automatically deleted.
You retain the right to lodge a complaint with your local data protection authority if you disagree with this decision."
Cannot Delete (Active Account)
"We cannot process your deletion request at this time because your account has an active Business License expiring [DATE].
To proceed with deletion:
- Allow your Business License to expire (or request cancellation)
- Withdraw any available commission balance
- Resubmit your deletion request
We will retain your request on file and can process it once these conditions are met."
Cannot Delete (Investigation)
"We are unable to process your deletion request at this time due to an ongoing review of your account. We will contact you when this review is complete. You retain the right to lodge a complaint with your local data protection authority."
Timeline
- Acknowledgment — 48 hours
- Decision communicated — 30 days
- Deletion executed — 30 days from decision
- Third parties notified — 30 days (if data was shared)
Escalation Triggers
Escalate to CIO immediately if:
- Request received during active investigation
- Member threatens legal action
- Request involves business entity (KYB)
- Unusual circumstances or complex history
Post-Deletion
After deletion is executed:
- Confirm deletion to member in writing
- Document what was deleted and what retained
- Note legal basis for any retained data
- Update internal records
- Notify any third parties who received the data