GDPR erasure requests are a requirement under GDPR regulations, which oblige all data processors to afford customers a Right to Erasure, also known as the "Right to Be Forgotten." This means you can request data removal for specific data subjects, and Backstory is committed to making this process straightforward and timely. If you submit a request for a data subject's removal, you can expect it to be completed within 5 to 7 business days.

The Data Protection Officer (DPO) is a formally designated party within your organization who is responsible for ensuring the organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

If you are unsure who your organization's Data Protection Officer is, try contacting members within the organization who hold titles or responsibilities related to data protection or privacy.

Here are some common examples of job titles that may hold this responsibility:

In many cases, the Data Protection Officer is not the main point of contact for the tactical, day-to-day requests concerning GDPR tasks. We understand that and are happy to work with additional delegated parties formally approved by the DPO in writing.

If you have one or more internal parties who should be able to submit GDPR investigation and erasure requests, please send an email to support@backstory.ai listing the contacts to be approved and copy the DPO on the thread to formally sign off.

For additional GDPR delegates, please provide the following:

Once the Data Protection Officer replies to the thread with written approval, the parties listed will be able to submit GDPR investigation and erasure requests on the DPO's behalf without further approval.

Have the DPO or an approved delegate email support@backstory.ai with a list of all email addresses for the data subjects to be erased. Allow 5–7 business days for Backstory to investigate and complete the data removal process.

Who is allowed to submit a GDPR erasure request?

Only your organization's Data Protection Officer (DPO) or a formally approved delegate may submit requests. If you're unsure who your DPO is, look for someone in a role such as Director of Information Security, Chief Privacy Officer, or Director of Data Privacy.

What data does Backstory remove?

Backstory investigates and removes personal record information (name, email, title, work phone, employer) and activity data (emails and meetings where the data subject is listed as a participant).

What happens if the data subject's record is updated in our CRM after erasure?

If any change is made to the data subject's CRM record, Backstory will re-import it. Because Backstory cannot retain a record of the erased subject, you will not be notified of the re-import, so it is critical to remove and lock down the CRM record beforehand.

How long does an erasure request take?

Backstory will complete verified erasure requests within 5–7 business days.

Does Backstory support GDPR compliance beyond erasure requests?

Yes. Backstory's GDPR compliance program includes data encryption in transit and at rest, right to data portability, pseudonymization of PII, breach notification protocols, sensitive content filtering, and mandatory employee training on data protection.

Contact your CSM or email support@backstory.ai.