Overview

Skill Level: Intermediate

Watson Campaign Automation provides APIs that let data controllers fetch a contact's data as part of Right of Access processing and submit erasure requests as part of Right to Erasure processing through a batched, asynchronous job API. The responses from an asynchronous job are available for download for up to 3 days after the job; after that, the GDPR job responses are deleted because they can contain personal data.

Prerequisites

GDPR Lookup Keys must be specified within Watson Campaign Automation. 

It is recommended to collate requests so that as few calls as possible are made to Watson Campaign Automation and overall performance for your organization is not impacted.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Database GDPR Lookup Key Setup

Within your database, you are able to select up to 5 fields from the GDPR LookUp Fields screen that you will use for GDPR lookups. To configure this setup, take these steps:

  1. Click Settings on the Database details screen.

  2. Select up to 5 fields that you want to use as GDPR LookUp Fields by clicking the GDPR LookUp Fields tab.

Note: Lookup keys are a feature of Flexible Key databases; on Restricted databases, Email is used for the GDPR Lookup.

Items of Importance

It is possible that a message is received after an opted-in data subject submits a Right to Erasure request to IBM. This occurs because the message was already scheduled for delivery prior to the Right to Erasure request being submitted.

Relational Table setup for Right to Erasure API call

For the Watson Campaign Automation Right to Erasure API to erase information from a Relational Table that holds contact-specific personal data, you need to select the radio button next to Delete records in the Relational Table settings.

Step-by-step

  1. API Request

    Use the following API requests to call the GDPR Right to Erasure API.

    • Database – POST /databases/{databaseId}/gdpr_erasure
    1. Provide a database Id in the API request path to identify the database which the data subject will be removed from. To remove a data subject from more than one database, a unique call must be made for each database Id.
    2. The body of the POST must contain a CSV with one or more column names and the identifiers to be looked up for each column name. The content-type will be ‘text/csv’. See the example below:

      "MobileNumber","15063434670"
      "MobileNumber","15066754325"
      "Email","john@domain.com"
      "MobileNumber","18884266840"
      "Email","jill@domain.com"
      "Email","jack@somedomain.com"

    Note: Suppression lists are supported for erasure requests. Removing an email address from the suppression list creates some risk that the data subject will receive an email if another process, such as ImportList, adds the data subject back to a database.

  2. Processing

    The Watson Campaign Automation /gdpr_erasure API responds synchronously with 202 – Accepted and a response header named location that holds the URI for job status (e.g. http://api5.ibmmarketingcloud.com/rest/gdpr_jobs/{jobId}/status).

    The GET method for /gdpr_jobs/{jobId}/status returns a high level status that indicates whether processing is:

    • WAITING
    • IN PROGRESS
    • COMPLETE
    • ERROR

    When processing completes with a status of SUCCESS, the WCA status API response will also include a response header named ‘location’ having the URI for job results. (e.g. http://api5.ibmmarketingcloud.com/rest/gdpr_jobs/{jobId}/response)

    Erasure Processing when Database Id Provided

    For each record, find any matching contacts (even if already soft deleted) in the specified database and perform the following:

    • Delete each contact record.
    • For a Double Opt-In database, find any matching email addresses in the pre-opt-in database and remove them.
    • Delete any Universal Behaviors for the contact.
    • Notify the following sub-systems of the Right to Erasure request when relevant:
      • mGage (SMS)
      • Mobile Customer Engagement (Push Notifications)
      • Universal Behavior Exchange (UBX)
    • Save an audit record of the request.

     

  3. GDPR Right To Erasure Job Submission Against a Marketing Database

    Request Method

    POST

     

    Request URI

    /databases/{databaseId}/gdpr_erasure

     

    Sample URL

    https://api0.ibmmarketingcloud.com/rest/databases/10091/gdpr_erasure

     

    Request Headers

    Authorization: Bearer WCA_ACCESS_TOKEN

    Content-Type: text/csv

     

    Request Body – one identifier name-value pair on each line

    GDPR Lookup Key Column Name, GDPR Identifier Value

     

    Sample Request Body

    EMAIL,user1@eng.silverpop.com
    EMAIL,user2@eng.silverpop.com
    EMAIL,user99@eng.silverpop.com
    EMAIL,nonexistent@eng.silverpop.com

     

    Successful Response

    Status code: 202

    Response Header includes Location to poll for job status

    Sample value

    Location: https://api0.ibmmarketingcloud.com/rest/gdpr_jobs/33/status

     

    Response Body

    {
        "location": "https://api0.ibmmarketingcloud.com/rest/gdpr_jobs/33/status",
        "id": 33
    }

  4. GDPR Get Job Status and Job Response

    Get Job Status

    Request Method

    GET

     

    Request URI

    /gdpr_jobs/{jobId}/status

     

    Sample URL

    https://api0.ibmmarketingcloud.com/rest/gdpr_jobs/32/status

     

    Request Headers

    Authorization: Bearer WCA_ACCESS_TOKEN

     

    Successful Response

    Status code: 303

    Response Header includes Location to fetch job result/response

    Sample value

    Location: https://api0.ibmmarketingcloud.com/rest/gdpr_jobs/32/response

     

    {
        "location": "http://localhost:8081/rest/gdpr_jobs/32/response",
        "status": "SUCCESS"
    }

     

    Possible values for status: SUBMITTED, IN_PROGRESS, SUCCESS, FAILED

     

    GDPR Job Response

    Request Method

    GET

     

    Request URI

    /gdpr_jobs/{jobId}/response

     

    Sample URL

    https://api0.ibmmarketingcloud.com/rest/gdpr_jobs/32/response

     

    Request Headers

    Authorization: Bearer WCA_ACCESS_TOKEN

     

    Successful Response

    Status code: 200

     

  5. Sample Response for a Right to Erasure job

    {
        "databaseId": 10091,
        "timestamp": "2018-03-22T05:04:54.123Z",
        "contacts": [
            {
                "contactFound": true,
                "contactDeleted": true,
                "gdprIdentifiers": [
                    {
                        "name": "EMAIL",
                        "value": "user1@eng.silverpop.com"
                    }
                ]
            },
            {
                "contactFound": true,
                "contactDeleted": true,
                "gdprIdentifiers": [
                    {
                        "name": "EMAIL",
                        "value": "user2@eng.silverpop.com"
                    }
                ]
            },
            {
                "contactFound": false,
                "contactDeleted": false,
                "gdprIdentifiers": [
                    {
                        "name": "EMAIL",
                        "value": "nonexistent@eng.silverpop.com"
                    }
                ]
            }
        ]
    }
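
The three client-side checks this flow needs, as an added example (not IBM's code and not part of the original recipe): building the text/csv body, vetting each Location value before the Bearer token is sent to it, and reconciling the job response against what was requested. The function names are hypothetical, API_BASE is taken from the page's sample URL, and case-insensitive matching of lookup column names is an assumption.

```python
import csv
import io
from urllib.parse import urlsplit

API_BASE = "https://api0.ibmmarketingcloud.com/rest"  # pod taken from the page's sample URL

def build_erasure_body(pairs):
    """Serialise (lookup key column, identifier) pairs as the text/csv POST body."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for name, value in pairs:
        if not name.strip() or not value.strip():
            raise ValueError(f"empty lookup key or identifier: {name!r}, {value!r}")
        writer.writerow([name.strip(), value.strip()])
    return buf.getvalue()

def trusted_job_url(location, api_base=API_BASE):
    """Accept a Location value only if it is HTTPS on the API host, so the
    Bearer token is never sent to another origin or over cleartext."""
    loc, base = urlsplit(location), urlsplit(api_base)
    if loc.scheme != "https" or loc.netloc != base.netloc:
        raise ValueError(f"refusing to send token to {location!r}")
    if not loc.path.startswith(base.path + "/gdpr_jobs/"):
        raise ValueError(f"unexpected job path: {loc.path!r}")
    return location

def reconcile(pairs, job_response):
    """Sort every requested identifier into deleted / not_found / failed / unreported."""
    outcome = {}
    for contact in job_response["contacts"]:
        if contact["contactDeleted"]:
            state = "deleted"
        else:  # found but not deleted needs manual follow-up
            state = "failed" if contact["contactFound"] else "not_found"
        for ident in contact["gdprIdentifiers"]:
            # Assumption: column names are compared case-insensitively.
            outcome[(ident["name"].upper(), ident["value"])] = state
    report = {"deleted": [], "not_found": [], "failed": [], "unreported": []}
    for name, value in pairs:
        report[outcome.get((name.upper(), value), "unreported")].append(value)
    return report

# Constructed from the page's sample request body and sample job response.
REQUESTED = [("EMAIL", f"{u}@eng.silverpop.com") for u in ("user1", "user2", "user99", "nonexistent")]
SAMPLE_RESPONSE = {"databaseId": 10091, "contacts": [
    {"contactFound": f, "contactDeleted": d, "gdprIdentifiers": [{"name": "EMAIL", "value": v}]}
    for f, d, v in [(True, True, "user1@eng.silverpop.com"),
                    (True, True, "user2@eng.silverpop.com"),
                    (False, False, "nonexistent@eng.silverpop.com")]]}
```

Run against the page's own samples, reconcile(REQUESTED, SAMPLE_RESPONSE) files user99@eng.silverpop.com under unreported, because it is in the sample request but absent from the sample response. Since job responses are deleted after 3 days, store this report rather than relying on fetching the response again later.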
