How do I perform GDPR-compliant requests in MadKudu?

Rafikah Halim
  • Updated

    Under the General Data Protection Regulation (GDPR), an individual saved as a contact in MadKudu contacts database has the right to request for certain actions to be performed on the personal data you have about them. To keep to our commitment to GDPR readiness, we offer the ability to:

    • Delete records: The GDPR requires permanent deletion of their contact record from your database, including email history, form submissions, and other engagement data and activity. This includes removing all data keyed by that email address from all storage mediums that don’t automatically expire data within 30 days. This includes archives, databases, and staging environments.
    • Modify incorrect or inaccurate data: The GDPR empowers individuals to correct any personal data that is deemed inaccurate or incomplete. In MadKudu, if the end-user asks you to change her information, we can do so from within her contact record.
    • Retrieve user-specific data: Under the GDPR, end users have a right to access their personal data and are entitled to obtain their personal data in a commonly used, structured format, such as a CSV file.

    Requests are typically responded to within 30 days.

    How to make GDPR requests

    Get records deleted via CSV upload in MadKudu App

    Pre-requisites

    Step by Step

    • Log in to the MadKudu app
    • Go to the Settings > GDPR. This section will only be visible if you have sufficient Admin access rights.

    Screen_Shot_2022-09-22_at_1.22.56_PM.png

    • Upload a CSV of the emails you would like to delete from the MadKudu database. Your file should have a CSV extension.

    mceclip0.png

    • Click "Delete Records" in the pop-up to validate the operation.
    • Once your file has been processed, you will receive an email informing you of the correct deletion of the records from the MadKudu database.

    *Please note: Once the email is deleted, this cannot be undone.*

    Get records deleted via MadKudu GDPR deleted

    To use MadKudu GDPR, start by authenticating with your API key located in your account. Go to Settings > Integrations > API 
    Use this API doc for authentication instructions: https://developers.madkudu.com/#introduction

    Screenshot_2023-03-10_at_3.42.04_PM.png

    The API offers 2 options: sending a CSV file or an array of emails.

    Option 1: CSV file

    API Endpoint: https://api.madkudu.com/v1/gdpr/file -> Submit a csv file containing emails, using the csv file format suggested above.

    Example using cURL:

    curl --location --request POST '<https://api.madkudu.com/v1/gdpr/file>' \\
    -header 'Authorization: <BASIC_TOKEN>' \\
    -form 'csv_file=@"/Users/user/Desktop/gdpr_csv_test.csv"'

    Option 2: Array of emails

    API Endpoint: https://api.madkudu.com/v1/gdpr/array -> Submit an array of emails in json format.

    Example using cURL:

    curl --location --request POST '<https://api.madkudu.com/v1/gdpr/array>' \\
    -header 'Authorization: <BASIC_TOKEN>' \\
    -header 'Content-Type: application/json' \\
    -data-raw '["test+1@madkudu.com","test+2@madkudu.com"]'

    Expected responses:

    202 Accepted 400 Bad Request

    For other types of requests

    For requests other than record deletion, you can use our online form -> MadKudu’s data privacy management form.

     

    Screen_Shot_2022-01-11_at_9.21.41_AM.png

     

    At this form:

    1. Enter your email address with a valid company domain.
    2. Enter the email address of the contact record you would like to perform the request on.
    3. Select the appropriate GDPR-compliant action you would like to perform on the selected personal record.
      • For requests to Modify, enter a description on what needs to be changed.
    4. Then, click Submit Request.

     

    Related articles

    Table of contents