Guest post by Tanya Kennedy Luminati, MatrixMaxx Product Manager
We’re almost two months past the GDPR deadline, and we’re all still alive! (Well, mostly.) Just because the deadline has come and passed doesn’t mean the fun is over, though. As I’m sure you’ve heard, California has a new GDPR-inspired privacy law coming down the pike, and many organizations are into the real-life situations of members asking for copies of their personal data. And some are even asking to be forgotten!
To make matters even more interesting, several of our clients have reported getting fake GDPR deletion requests via email. Yikes! FYI, from what we’ve heard, the subject is always “Data Removal Request,” and the body text is always “I hereby withdraw my consent for you to … ” Please keep your eyes out for messages like these!
This underscores the recommendations that many of you (especially our MatrixMaxx clients) have been hearing from us since we started diving into GDPR and GDPR compliance: You shouldn’t just delete someone based on a voicemail or email. Always call and ask: “Do you really want to be forgotten?” This is a great chance to open a conversation with this individual, learn more about why they want to be forgotten, warn them of possible negative repercussions, and perhaps help your organization improve future communications. And, you know, save yourself and your organization from a potentially disastrous situation.
Here are our recommendations for vetting requests to be “forgotten”:
- Call and ask if the request is valid, and try to learn more about why they want to be forgotten.
- Offer them a copy of their Personal Information. Perhaps all that they really want to know is what you know about them. This would be a combination of the info in your AMS (like MatrixMaxx) as well as any other systems in which you hold data.
- Review the individual’s profile and warn them of potential issues that would come with being “forgotten.” For example, their meeting history will be gone… this could be important for their access to presentation slides or CEU history! Or, if they are actively on a committee, this action will effectively remove them from that committee … is this what they really want?
- Do the needful to comply with their request, if it’s valid.
By the way, if you’re a MatrixMaxx client, our recent 18.2 release was packed full of new features to help you manage Personal Data and Privacy for GDPR compliance. Have ideas for other enhancements that could help you in your journey? We’re here for you, and all ears!
PLEASE NOTE:
This is one of Matrix Group’s installments on GDPR, Privacy, and Security. We at Matrix Group are not lawyers or GDPR consults; these are simply our recommendations for how to best meet your organization’s needs and member’s needs.