Automate GDPR deletion request

we did was we built a really boring workflow but one that's really useful because it um does a lot of um so far manual steps and what it does is it deletes data um i think it does that when we get gdpr requests like or when users say like hey please delete everything you start about me um then we technically have 30 days to comply with this well as you can see by the number of nodes we have like a large number of services um i've listed them in notion if you're really curious of where we all have data right so and we need to go to each of these services and delete the data so our goal was to automate this and also to lock this so um let's actually show you how it works wanted to build a nice ui if we had some time left today and also nice in general but as always there was no time left today so this can be triggered in a really simple way let's just um put it in using a metamode slash command gdpr delete followed by the email address um like let's take an email address definitely does not exist do not want to delete any production data from you can see the workflow runs and it will then contact every individual service and um uh what makes this so handy is that all of the services it deletes data from our sub workflows so they can easily be swapped in and out we did when we started working on this project was we agreed on like a format for handing over the data to these sub workflows and for how the response data should look like so we can easily just add new modules as we connect to new services or remove existing services and at the very end i don't want to spoil it but you can probably guess it from the node description at the very end it just aggregates the result it has from every single node most nodes will run faster pedal is just very slow so this is not very exciting we'll take like a minute for pedal to find the user and i won't even delete the data we'll just share information on how to delete you can see the other nodes are much faster and at the very end it creates like a small report that it can respond to in mata most but it will also um lock the action in base row and the way it does this is it creates a hash value of the email so a value that essentially is a unique identifier for the email but then can only be calculated in one way so if a user ever comes back to us and say hey why did my data got deleted we will still be able to figure out that it was deleted as a result of a gdpr request but no one will be able to use that hash value and calculate back the email of the user so we have anonymized data that goes in a simple uh log like so right we store like this number that hopefully no one is able to identify um and we'll also keep the notes of the services where data has been deleted obviously nothing has been deleted here because our user was just an example user so this was essentially a very august workflow for me because it makes my life much easier because i've been handling these gdpr requests so far and thankfully tomasina and john have helped me with this it was also really cool project to split up because everyone could look at individual services so looking at these sub workflows they all look very different you can see like a really simple one for example would be the pedal one which uses a bit of javascript logic then a really um complex one was one of the ones john was working on the mailchimp one just because the api has many steps so you can see how there are very different workflows that handle each of the steps but they all fit together nicely by agreeing on some standard we can just easily add new services and remove them and that's pretty much what we did today you can look at the workflow if you're curious you can also see the data in base row which will be self-explanatory at hopes i hope because it lists the services where data has been purchased from and you can also ask us if you have any questions on this