FAQs about GDPR and anonymization

1. What is the meaning of Anonymization date?

This is the date when data for a person will be anonymized or deleted based on when they were last used, whichever is the latest.

2. What is the meaning of Last date of use?

“Use” is defined as the latest date of:

  • The last day of any event that person is registered for, including cancelled people
  • The last day of any event a person is a registration contact for
  • The last day of any event a person has started or completed an abstract submission for (including inactive and incomplete submissions)
  • The last day of any event a person is an author or co-author of an abstract for
  • The last day of any event a person is a reviewer for
  • The last day of any event a person is an award submitter for
  • The last day of any event a person is an award judge for
  • The last day of any event a person is a presenter/session chair for
  • The last day of any event a person is a guest for
  • The last day of any event a person is a table guest for
  • The last day of any event a person is a room guest for
  • The last day of any event a person is an invitee for
  • The last day of any event a person is on an event-specific list for
  • The last day of any event that a person is connected to in any other way
  • The date that any person last replied to a survey
  • The “last modified” timestamp on the person record

3. When do emails get anonymized?

The deletion date for emails will be calculated from the date they were sent. Email content is either deleted after 12 months, or the number of months specified on the “Data Protection (GDPR)” page, whichever comes first. This may include emails for people that are not getting anonymized until a future date.

For example, if you have set up your data protection to ‘Anonymize and delete data after’ “6” months, all emails sent more than 6 months ago will be anonymized. If you have set up your data protection to ‘Anonymize and delete data after’ “24” months, email content will be deleted after 12 months.

4. What is the meaning of Anonymized on?

This is the date that a person was anonymized for the first time.

5. What happens with data that is integrated with our CRM?

Anonymized data will not be updated in your CRM tool, such as Salesforce; therefore, sensitive data may still exist. You will need to check with your CRM provider about the data retention tools that they provide.

6. What happens if I’m sending an email to a list of people that includes anonymized people?

If you are sending emails in bulk and there are anonymized people on the mailing list, emails will not be sent until the anonymized people are removed from the list.

7. Can anonymized data be sent through the API?

In the API, IsAnonymized is sent as 'True' for anonymized people.

8. Are attendee categories anonymized/deleted PI?

No. The information about attendee categories may be required for reporting purposes.

It will not be possible to trace a person based on an attendee category.

9. If we do not mark bookable items as PII, will we still be able to see an itemized invoice showing individual line items without a name and other PII attached?

Yes. All invoice and credit note line items will be available. However, invoice PDFs generated through the API will be deleted, so invoices will need to be checked in the Eventsforce admin portal. This information is stored in the database and can therefore still be accessed.

10. Do you have a recommended best practice on what duration to set before anonymization/deletion?

No, we cannot offer any advice.  We can only provide the tools.

11. How does the GDPR work with backed up data?

Any data that was previously backed up will not be deleted. A backup of anonymized data is not created; therefore, it cannot be retrieved.

12. What happens to abstracts submitted by someone who is anonymized?  

The abstract content will remain but the authors and co-authors will be anonymized. The audit trail will be deleted.

13. If an author submits an abstract with multiple co-authors and the author keeps attending conferences and so is not anonymized, what happens to the co-authors? Are they anonymized?

We treat them all as people; therefore, if the co-authors' last used date falls within the duration set for anonymization, they will be anonymized.

14. If the co-authors still want to be associated with the abstract but the main author doesn’t, what will happen?

We do not have a mechanism to opt-out specific types of people, so this is not possible. We would recommend making a change to the co-authors to update their last used date.

15. Does the abstract completely disappear if the main author is anonymized?

No

16. Will admin portal users be anonymized?

No

17. On invoicing anonymization, if we set our anonymization to occur at 24 months but invoicing anonymization to occur at 36 months would there be conflict? Would PII remain on the invoice for 12 months after the general anonymization?

Yes, personally identifiable information will be retained on the invoices data source after the booker's record has been anonymized. This information is limited to the available fields in the invoices data source.
