Overview

Automating GDPR Retrieval and Deletion

Drift admins can manually request data retrieval and deletion via the Data Privacy section of their settings, but this can be tedious for larger organizations with many requests.

The Data Privacy API provides a way to trigger GDPR requests programatically.

There are two types of requests an organization can make:

  • Retrieval - fetches all data for all contacts and users with a given email
  • Deletion - deletes all data for all contacts and users with a given email

Unless these requests are necessary for compliance purposes, we recommend using the Contact API which provides real-time data.

Note

The Data Privacy API can only be accessed by apps created by an organization. Third party applications are blocked from requesting these permissions.

Scopes

To perform GDPR requests, an app must request access to specific permission scopes.

Retrieval requires access to the gdpr_read scope.
Deletion requires access to the gdpr_write scope.

To read more about how the Drift API uses scopes, see our scopes documentation.

Overview

Automating GDPR Retrieval and Deletion