Data Deletion (GDPR Compliance)

This is an example implementation of a GDPR-compliant data deletion workflow using Humancheck. This demonstrates how to integrate human review for compliance-sensitive operations, but Humancheck can be used for any data operation that requires human oversight.

Overview

The data deletion workflow:

User requests data deletion (GDPR right to be forgotten)
System identifies all data associated with the user
Request human review for verification
Reviewer verifies and approves deletion
System deletes all user data

Implementation

Basic Data Deletion Workflow

import httpx
import asyncio

async def delete_user_data_workflow(user_email, user_id):
    """Delete user data with GDPR compliance review."""
    async with httpx.AsyncClient() as client:
        # Gather all data to be deleted
        data_summary = await gather_user_data_summary(user_id)
        
        # Request human review
        response = await client.post(
        "https://api.humancheck.dev/reviews",
        headers={
            "Authorization": "Bearer your-api-key-here",
            "Content-Type": "application/json"
        },
        json={
                "task_type": "data_deletion",
                "proposed_action": f"Delete all data for user: {user_email} (ID: {user_id})",
                "agent_reasoning": f"GDPR deletion request. Data includes: {data_summary['summary']}",
                "confidence_score": 1.0,  # High confidence in request validity
                "urgency": "medium",
                "metadata": {
                    "user_id": user_id,
                    "user_email": user_email,
                    "request_type": "gdpr",
                    "data_summary": data_summary,
                    "data_points": data_summary["count"],
                    "estimated_deletion_time": data_summary["estimated_time"]
                },
                "blocking": True  # Wait for verification
            }
        )
        review = response.json()
        
        # Get decision
        decision = review.get("decision")
        if not decision:
            decision_response = await client.get(
                f"https://api.humancheck.dev/reviews/{review['id']}/decision"
            )
            decision = decision_response.json()
        
        if decision["decision_type"] == "approve":
            # Delete all user data
            await delete_user_data(user_id, data_summary)
            return {"status": "deleted", "user_id": user_id}
        else:
            return {
                "status": "rejected",
                "reason": decision.get("notes"),
                "user_id": user_id
            }

async def gather_user_data_summary(user_id):
    """Gather summary of all user data."""
    # Query database for user data
    data_points = {
        "profile": await count_user_profiles(user_id),
        "orders": await count_user_orders(user_id),
        "messages": await count_user_messages(user_id),
        "files": await count_user_files(user_id),
        "logs": await count_user_logs(user_id)
    }
    
    total_count = sum(data_points.values())
    
    return {
        "summary": f"{total_count} data points across {len([k for k, v in data_points.items() if v > 0])} categories",
        "count": total_count,
        "breakdown": data_points,
        "estimated_time": f"{total_count * 0.1:.1f} seconds"
    }

async def delete_user_data(user_id, data_summary):
    """Delete all user data."""
    # Delete in order to maintain referential integrity
    await delete_user_files(user_id)
    await delete_user_messages(user_id)
    await delete_user_orders(user_id)
    await delete_user_logs(user_id)
    await delete_user_profile(user_id)
    
    # Log deletion
    await log_deletion(user_id, data_summary)

Advanced Features

Partial Data Deletion

async def partial_data_deletion_workflow(user_id, data_categories):
    """Delete specific categories of user data."""
    response = await client.post(
        "https://api.humancheck.dev/reviews",
        headers={
            "Authorization": "Bearer your-api-key-here",
            "Content-Type": "application/json"
        },
        json={
            "task_type": "data_deletion",
            "proposed_action": f"Delete specific data categories for user ID {user_id}: {', '.join(data_categories)}",
            "agent_reasoning": "Partial data deletion request",
            "metadata": {
                "user_id": user_id,
                "categories": data_categories,
                "deletion_type": "partial"
            },
            "blocking": True
        }
    )

Data Export Before Deletion

async def delete_with_export_workflow(user_id):
    """Export user data before deletion."""
    # Export data first
    export_file = await export_user_data(user_id)
    
    response = await client.post(
        "https://api.humancheck.dev/reviews",
        headers={
            "Authorization": "Bearer your-api-key-here",
            "Content-Type": "application/json"
        },
        json={
            "task_type": "data_deletion",
            "proposed_action": f"Delete all data for user ID {user_id} (export available: {export_file})",
            "agent_reasoning": "Data exported before deletion. Deletion will proceed after approval.",
            "metadata": {
                "user_id": user_id,
                "export_file": export_file,
                "export_completed": True
            },
            "blocking": True
        }
    )

Scheduled Deletion

async def scheduled_deletion_workflow(user_id, deletion_date):
    """Schedule data deletion for future date."""
    response = await client.post(
        "https://api.humancheck.dev/reviews",
        headers={
            "Authorization": "Bearer your-api-key-here",
            "Content-Type": "application/json"
        },
        json={
            "task_type": "data_deletion",
            "proposed_action": f"Schedule deletion of all data for user ID {user_id} for {deletion_date}",
            "agent_reasoning": "Scheduled deletion allows user to cancel if needed",
            "metadata": {
                "user_id": user_id,
                "scheduled_date": deletion_date.isoformat(),
                "is_scheduled": True
            },
            "urgency": "low"
        }
    )

Compliance Features

async def gdpr_compliant_deletion(user_id, request_id):
    """GDPR-compliant deletion with audit trail."""
    response = await client.post(
        "https://api.humancheck.dev/reviews",
        headers={
            "Authorization": "Bearer your-api-key-here",
            "Content-Type": "application/json"
        },
        json={
            "task_type": "data_deletion",
            "proposed_action": f"GDPR deletion request #{request_id} for user ID {user_id}",
            "agent_reasoning": "GDPR Article 17 - Right to erasure",
            "metadata": {
                "user_id": user_id,
                "request_id": request_id,
                "legal_basis": "GDPR Article 17",
                "compliance_required": True,
                "audit_trail": True
            },
            "blocking": True
        }
    )
    
    # After approval, maintain audit trail
    review = response.json()
    decision = review.get("decision")
    
    if decision["decision_type"] == "approve":
        await log_gdpr_deletion(user_id, request_id, review["id"], decision)

Verification Requirements

async def verify_user_identity(user_id, verification_token):
    """Verify user identity before deletion."""
    is_verified = await check_verification_token(user_id, verification_token)
    
    if not is_verified:
        return {"error": "Identity verification failed"}
    
    # Proceed with deletion request
    return await delete_user_data_workflow(user_id)

Routing Rules

Route data deletion requests to compliance team:

await client.post(
        "https://api.humancheck.dev/reviews",
        headers={
            "Authorization": "Bearer your-api-key-here",
            "Content-Type": "application/json"
        },
        json={
        "name": "Data deletion to compliance team",
        "organization_id": 1,
        "priority": 200,  # High priority
        "conditions": {
            "task_type": {"operator": "=", "value": "data_deletion"}
        },
        "assign_to_team_id": 3,  # Compliance team
        "is_active": True
    }
)

Dashboard Integration

The data deletion request appears in the dashboard with:

User identification (ID, email)
Data summary (what will be deleted)
Request type (GDPR, user request, etc.)
Data categories and counts
Export availability (if applicable)

Reviewers can:

✅ Approve deletion after verification
❌ Reject if verification fails or user identity is unclear
✏️ Modify to schedule deletion or change scope

Best Practices

Always require review: Data deletion should never be automatic
Provide comprehensive summaries: Show what data will be deleted
Maintain audit trails: Log all deletion requests and decisions
Verify user identity: Ensure the request is legitimate
Consider data export: Offer to export data before deletion
Use appropriate urgency: GDPR requests may have legal deadlines

Legal Considerations

GDPR Article 17: Right to erasure
CCPA: California Consumer Privacy Act
Data retention policies: Some data may need to be retained for legal reasons
Backup considerations: Ensure backups are also handled

Next Steps

Learn about Content Moderation workflows
Explore Routing Rules for automatic assignment
Check out Connectors for notifications

Getting started

Products

Integrations

Use cases

Configuration

Connectors

Dashboard

Data Deletion (GDPR Compliance)

Overview

Implementation

Basic Data Deletion Workflow

Advanced Features

Partial Data Deletion

Data Export Before Deletion

Scheduled Deletion

Compliance Features

Verification Requirements

Routing Rules

Dashboard Integration

Best Practices

Legal Considerations

Next Steps

Getting started

Products

Integrations

Use cases

Configuration

Connectors

Dashboard

​Overview

​Implementation

​Basic Data Deletion Workflow

​Advanced Features

​Partial Data Deletion

​Data Export Before Deletion

​Scheduled Deletion

​Compliance Features

​GDPR Compliance Tracking

​Verification Requirements

​Routing Rules

​Dashboard Integration

​Best Practices

​Legal Considerations

​Next Steps

Overview

Implementation

Basic Data Deletion Workflow

Advanced Features

Partial Data Deletion

Data Export Before Deletion

Scheduled Deletion

Compliance Features

GDPR Compliance Tracking

Verification Requirements

Routing Rules

Dashboard Integration

Best Practices

Legal Considerations

Next Steps