Delete Data with Right to Be Forgotten Policies

RTBF policies are created at the object level to ensure that all customer data is removed. Each policy can include a parent object and multiple child objects, with the option to cascade down four levels in the child object hierarchy. Your policy transforms all records in the parent object and any included child objects. Child objects are processed before the parent object.

RTBF policies work jointly with RTBF requests. When a customer asks to have their data deleted or masked, you create an RTBF request based on a record ID for that customer. Then you assign a policy to the RTBF request and execute the request.

RTBF policies and RTBF requests require matching record types. For example, if the user record targeted in the RTBF request is a Contact ID, create a policy with Contact as the parent object. Use Individual as the parent object to capture all personally identifiable information (PII) that rolls up to the Individual object. If your organization has PII data spread across multiple unrelated top-level objects, create multiple RTBF policies to capture and process all PII data.

When you run an RTBF policy, it enters the same job queue as Data Management policies and runs when any earlier scheduled policies finish running.

• Create Right to Be Forgotten Policies
  Honor individual customer requests to remove or mask sensitive data by creating Right to Be Forgotten policies.
• Publish and Manage a Right to Be Forgotten Policy
  To assign a policy to a Right to Be Forgotten (RTBF) request, publish the policy. You can also edit, deactivate, or delete a policy.
• Create and Run a Right to Be Forgotten Request
  Create a request record and assign a policy to run on Right to Be Forgotten (RTBF) requests from your customers.