{"id":4834,"date":"2018-06-08T12:26:14","date_gmt":"2018-06-08T11:26:14","guid":{"rendered":"https:\/\/woodpecker.co\/blog\/?p=4834"},"modified":"2025-08-20T15:00:57","modified_gmt":"2025-08-20T14:00:57","slug":"gdpr-data-deletion","status":"publish","type":"post","link":"https:\/\/woodpecker.co\/blog\/gdpr-data-deletion\/","title":{"rendered":"GDPR for Product Owners and Developers"},"content":{"rendered":"

GDPR has been a big boom for us all. While browsing the Internet, we can easily find a lot of info about what GDPR is, who and what it applies to, and what requirements we should meet as companies in order to comply with the regulation. But for many of us in the Internet industry, there\u2019s still the question of HOW we should actually apply it to our product.<\/p>\n

At Woodpecker<\/span>, we did some research,\u00a0tried to find the best solutions to implement, and then finally we came up with\u00a0the things that should be done to make our product GDPR\u2013friendly. I wanted to share a few tips which may inspire you to introduce some changes to your product or service.<\/p>\n

Who is this article for?<\/h2>\n

Before we start, let\u2019s\u00a0establish\u00a0who can benefit from this article. The tips I present within this blog post can\u00a0pique the interest\u00a0of SaaS<\/span> product owners, developers, Data Protection Officers dealing with API managers<\/a>, or any app owners, IT enthusiasts or the crowd interested in how GDPR influences their work or practices.<\/p>\n

Below, you\u2019ll find some key aspects of data safety for GDPR-compliant products and services.<\/p>\n

If you\u00a0have\u00a0a vague idea about GDPR, start with this article:<\/p>\n

GDPR Basics for Email Senders >>\u00a0<\/a><\/strong><\/p>\n

or download our GDPR ebook >><\/strong><\/a><\/p>\n

Data Deletion Procedure<\/h2>\n

If you create, design, or maintain any product or service, you should definitely think about how you can exercise the right to delete data\u00a0defined in GDPR. I\u2019m fully aware of the fact that deleting data may be extremely\u00a0troublesome for some data models.<\/p>\n

Nevertheless, you should be aware that\u00a0the difficulty of data deletion may not be a good enough excuse anymore. In case of most databases, deleting data should be feasible so long as you implement a system to switch from, for example, a user ID into null, to keep things in order.<\/p>\n

In many apps, the problem with data protection stems from the need to track events and activities within the application, and at the same time, not being allowed to store personal data due to data safety requirements.<\/p>\n

At Woodpecker<\/span>, we spent a lot of time thinking about this issue.<\/p>\n

We decided to use a\u00a0hash for our new GDPR-features<\/a> which enable\u00a0data encryption. Once our prospect is encrypted, we keep a piece of information, which may be comparable to a token \u2013 it does not involve any personal data, but at the same time, our statistics remain intact and clear.<\/p>\n

This concerns your users as well. The described feature of Woodpecker<\/span> was prepared for the safety of our users \u2013 simply to enable them being GDPR compliant while using our app.<\/p>\n

As you can probably imagine by now, there is not just one good solution. But no matter what solution you choose for your system, what you should do is to think about enabling data deletion\u00a0in your app. And once you do this, you should come up with a\u00a0way of substituting personal data in your system to keep the reports on activities and events working.<\/p>\n

But what about your sub-processors and third parties you\u2019re integrated with?<\/p>\n

If you push data through API, don\u2019t forget about providing a data deletion end-point to enable an API request for data deletion. Where may it be applicable? For example, if you use any CRM which stores your customers\u2019 data and you wish to have a coherent system for data management, including data deletion.<\/p>\n

Data access limitation<\/h2>\n

If you\u2019re an admin, this part would be especially interesting for you.<\/p>\n

The question is: how do you limit data access at your company? You probably know that the times when all the people can access everything are over. If you\u2019re responsible for data safety or data flow at your company, you should be able to assign data access roles and permissions to your co-workers.<\/p>\n

How to do that? Check if the tools, software, and all the in-house solutions you use allow a \u201climit access\u201d feature, which would enable you to draw a map of who can access what and why.<\/p>\n

This is also a good starting point for DPOs who are willing to take good care of data safety in their companies. And now struggle because they don’t know where to start.<\/p>\n

Again, if it is important to you as a software user \u2013 it is probably significant to your users too. If you provide any tool or service\u00a0that enables personal data processing, you should definitely\u00a0consider developing a functionality that\u00a0limits an access to various kinds of data.<\/p>\n

\n