How long does the deletion and anonymization process take in GDPR Compliance?
- GDPR Compliance
We often receive questions regarding the average duration of the processes within our GDPR Compliance app. This article aims to explain the main factors influencing the time required to anonymize and delete data.
General Factors
- Volume of Data: The amount of data being processed significantly determines the duration of the process. Larger datasets naturally require more time to anonymize or delete than smaller ones.
- Type of Data: Processing user requests may take slightly longer than processing tickets due to additional retrieval steps and sub-processes involved.
- Process Preferences: Various process preferences can affect the duration of the process. For example, choosing to anonymize only personal information within comments rather than the entire comments can lead to differences in process speed.
Let's delve deeper into the specifics of anonymization and deletion processes, providing insights into how each factor affects process duration.
Anonymization
Anonymization involves obscuring personal data while retaining the integrity of ticket information. The speed of this process depends on several factors:
- Anonymization Preferences: Choosing between partial anonymization (anonymizing only personal information such as names, emails, phone, and card numbers within comments) and full anonymization (anonymizing entire comments) directly impacts process duration.
- Number and Size of Comments: The volume and length of comments play a pivotal role in increasing or decreasing the necessary time for anonymizing.
- Additional Preferences: Preferences such as unlinking requesters and creating internal notes can lengthen the process. The number of custom fields, groups, and forms also affects, although to a lesser extent.
So, we've conducted some testing that shows that full anonymization of comments is 40% faster than partial anonymization of sensitive information.
| GDPR Request | Type of List | Number of Tickets | Process Preferences | Time |
| Anonymizing | Ticket List | 500 | Full anonymization | ~13 min |
| Anonymizing | Ticket List | 500 | Partial anonymization | ~22 min |
The slowest anonymization scenario observed in our tests involved anonymizing five users with 100 tickets each, with partial anonymization of comments and enabled preferences Unlink Requester and Create Internal Note.
Deletion
Our tests revealed the following durations for deleting tickets:
| GDPR Request | Type of List | Number of Tickets | Process Preferences | Time |
| Deleting | Ticket List | 500 | Including users | ~10 min |
| Deleting | Ticket List | 1000 | Including users | ~20 min |
It's worth noting that deleting user lists, including associated tickets, may marginally extend process duration compared to deleting tickets alone. However, our deletion process's overall efficiency ensures timely data management in compliance with GDPR requirements.
As you can see, providing absolute times for anonymization and deletion processes is challenging due to the variability outlined above. However, understanding the influencing factors can help you estimate durations more effectively.
If you have any questions, feel free to contact our support team.
