Lifecycle of a personal data destruction request

The lifecycle of a contact removal request (also called an asynchronous personal data destruction request) depends on the web service method that the external system calls to start it: either requestContactRemovalWithABUID or requestContactRemovalWithPublicID. For these two calls, the external system supplies either the AddressBookUID or the PublicID of the contact whose data is to be destroyed. The destroy action itself is defined in the ContactManager plugin class that implements the PersonalDataDestruction plugin interface.

Note: In the base configuration, the destroyUser method is synchronous and initiates obfuscation. It does not use work queues, and therefore does not participate in the personal data destruction request lifecycle. Additionally, because users of the application are subentities of Contact, this method works with Contact objects and not ABContact objects.

If the web service determines that the request is an existing one, it adds the specified requesterID value to the existing destruction request and does not start a new request.

If the web service determines that the request is a new one, the web service:

  1. Does the following depending on whether the request is for an AddressBookUID or PublicID:
    • If the web service call was to requestContactRemovalWithABUID, the web service:
      • Creates a PersonalDataDestructionRequest object for the LinkID of the ABContact.
      • Adds a PersonalDataContactDestructionRequest object for the related PublicID value, obtained from a call to the PersonalDataDestroyer implementation.
    • If the web service call was to requestContactRemovalWithPublicID, the web service creates a PersonalDataContactDestructionRequest object for the PublicID of the ABContact.
  2. Adds a PersonalDataDestructionRequester object using requesterID.
  3. The DestroyContactForPersonalData work queue checks for requests whose status is in the ReadyToAttemptDestruction category (New or ReRun) and calls the Destroyer for each one.

    The class PersonalDataContactDestructionWorkQueue, which implements this work queue, calls the following method:

    PersonalDataDestructionController.destroyContact(contactPurgeRequest)
    • If the request status is in the DestructionStatusFinished category, the queue marks the date of destruction for the contact destruction request.
    • If the request status is ManualInterventionRequired, you must implement code that notifies the data protection officer. That user must determine what to do and then set the status to ReRun so the DestroyContactForPersonalData work queue can run it again.
  4. The NotifyExternalSystemForPersonalData work queue looks at all PersonalDataContactDestructionRequest objects that are associated with a PersonalDataDestructionRequest. If they all have a status that is in the DestructionStatusFinished category, the work queue does the notification.
  5. The NotifyExternalSystemForPersonalData work queue notifies the external system by using the PersonalDataDestructionRequester objects. As part of this notification, the work queue calls the PersonalDataDestruction plugin method notifyExternalSystemsRequestProcessed.
  6. The RemoveOldContactDestructionRequest work queue removes all requests that satisfy both of the following criteria:
    • The date obtained by adding the value of the configuration parameter ContactDestructionRequestAgeForPurgingResults to the value of PersonalDataContactDestructionRequest.purgedDate is less than or equal to today’s date.
    • The PersonalDataContactDestructionRequest object has a typecode that is in the DestructionStatusFinished category.
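The following Python model of the three work queues is an added example, not Guidewire code; it exercises the decision rules above (attempt only New/ReRun, stamp the purged date on finished requests, notify only when every contact request of a destruction request is finished, purge after the configured age). The ContactRequest and DestructionRequest classes and the "Purged" typecode are assumptions that stand in for the real entities and the DestructionStatusFinished category.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Status values from the lifecycle; the membership of FINISHED is an assumption of this model.
READY_TO_ATTEMPT = {"New", "ReRun"}     # ReadyToAttemptDestruction category
FINISHED = {"Purged"}                   # DestructionStatusFinished category (assumed)
MANUAL = "ManualInterventionRequired"

@dataclass
class ContactRequest:       # stands in for PersonalDataContactDestructionRequest
    public_id: str
    status: str = "New"
    purged_date: date = None

@dataclass
class DestructionRequest:   # stands in for PersonalDataDestructionRequest
    link_id: str
    requester_ids: set = field(default_factory=set)
    contact_requests: list = field(default_factory=list)
    notified: bool = False

def run_destroy_queue(reqs, destroyer, today):
    """DestroyContactForPersonalData: attempt New/ReRun requests, stamp the purged
    date on finished ones, and return those needing the data protection officer."""
    needs_dpo = []
    for cr in reqs:
        if cr.status in READY_TO_ATTEMPT:
            cr.status = destroyer(cr.public_id)  # destroyer returns the resulting status
            if cr.status in FINISHED:
                cr.purged_date = today
            elif cr.status == MANUAL:
                needs_dpo.append(cr)
    return needs_dpo

def run_notify_queue(dreqs, notify_external):
    """NotifyExternalSystemForPersonalData: notify a request's requesters only
    once every associated contact request is in the finished category."""
    sent = 0
    for d in dreqs:
        if not d.notified and all(c.status in FINISHED for c in d.contact_requests):
            notify_external(d.link_id, d.requester_ids)  # plugin notification hook
            d.notified = True
            sent += 1
    return sent

def run_remove_old_queue(reqs, age_days, today):
    """RemoveOldContactDestructionRequest: drop a request once it is finished and
    purgedDate + ContactDestructionRequestAgeForPurgingResults <= today."""
    return [c for c in reqs if not (c.status in FINISHED and
                                    c.purged_date + timedelta(days=age_days) <= today)]
```

The ManualInterventionRequired branch only collects the requests; the notification to the data protection officer and the later reset to ReRun are the customization points the text describes.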