> Watch them scramble trying to figure out how to even go about that.
It won't be much of a scramble. First, they will look at your email to see if you have actually provided enough information in the email to tell whose data you are talking about and to prove that you are that person. If not you will probably get a response telling you what you need to provide.
When you've provided that information, then they will run their standard "delete someone's data" procedure. Whether or not that actually deletes and data that came in via some pre-submit channel will depend on whether they actual realize they have that data.
If they are actually using that as an intentional persistent data collection method, it will probably be in some place that is covered by they normal "delete someone's data" procedure.
If they are using it for some transitory purpose, it is quite possible that any long term storage was accidental and might not be in someplace the "delete someone's data" procedure covers.
In either of these cases it won't cause any scrambling.
Finally, your delete request will probably be added to a database along with enough information to identify whose data was deleted. They need this because GDPR data deletion requests do not require the company to immediately go through all backups deleting your data from them. It is likely to remain on old backup media until the ordinary backup media rotation reuses that media for a new backup.
Hence, they need to keep a record of deletions and who they were for so that if they ever have to restore from backup then can then reapply deletions.
This last is kind of amusing. Where I work we keep very little data on customers beyond what is legally required by the EU. When someone requests data deletion it can actually increase the net amount of data we retain about them. The record of their deletion request can add more data than the deletion request deleted.
It won't be much of a scramble. First, they will look at your email to see if you have actually provided enough information in the email to tell whose data you are talking about and to prove that you are that person. If not you will probably get a response telling you what you need to provide.
When you've provided that information, then they will run their standard "delete someone's data" procedure. Whether or not that actually deletes and data that came in via some pre-submit channel will depend on whether they actual realize they have that data.
If they are actually using that as an intentional persistent data collection method, it will probably be in some place that is covered by they normal "delete someone's data" procedure.
If they are using it for some transitory purpose, it is quite possible that any long term storage was accidental and might not be in someplace the "delete someone's data" procedure covers.
In either of these cases it won't cause any scrambling.
Finally, your delete request will probably be added to a database along with enough information to identify whose data was deleted. They need this because GDPR data deletion requests do not require the company to immediately go through all backups deleting your data from them. It is likely to remain on old backup media until the ordinary backup media rotation reuses that media for a new backup.
Hence, they need to keep a record of deletions and who they were for so that if they ever have to restore from backup then can then reapply deletions.
This last is kind of amusing. Where I work we keep very little data on customers beyond what is legally required by the EU. When someone requests data deletion it can actually increase the net amount of data we retain about them. The record of their deletion request can add more data than the deletion request deleted.