GDPR Data anonymization request introduction

The Ometria data anonymization and deletion request API allows you to:

  • Submit requests for an individual's personal data to be anonymized
  • Check the status of anonymization requests submitted via this API or inside the Ometria application

Details of this API can be found here: Ometria data anonymization and deletion request API

Lifecycle of a GDPR Data anonymization request

A data anonymization request can be submitted either by a user of the Ometria application ("in app") or via API request. Once a request is received, it is processed within 14 days, and any personal data associated with that individual's identity is removed or anonymized.

Submitting a GDPR Data anonymization request

POST a JSON body containing the email address of the individual to anonymize, along with an optional comment field and the data deletion action to take (currently only "anonymise" is supported).

curl -X POST \
    -H 'Content-Type: application/json' \
    -H 'X-Ometria-Auth: YOUR_ACCESS_TOKEN' \
    -d '{"email_address":"test@example.com","action":"anonymise","comment":"Testing!"}' \
    'https://api.ometria.com/v2/data-deletion-request'

This returns the ID of the generated request:

{
    "id":"a8c53a39-e0fc-462c-b5fa-907fe70a9174"
}

Checking status of GDPR Data anonymization request

The ID value returned when creating the request can be used to check its status:

curl -X GET \
    -H 'Content-Type: application/json' \
    -H 'X-Ometria-Auth: YOUR_ACCESS_TOKEN' \
    'https://api.ometria.com/v2/data-deletion-request/a8c53a39-e0fc-462c-b5fa-907fe70a9174'

This returns an object representing the status of the request. If the request has not yet been processed, the fields "timestamp_completed" and "summary" will be empty.

  {
    "action": "anonymise",
    "comment": "Some comment",
    "id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
    "identities": [
      {
        "hashed_email": "3af31748a10ef8bd28ce7620c25fe18d@anonymous.ometria"
      }
    ],
    "source": {
      "api_request_id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
      "origin": "api",
      "user": {
        "email": "user@user.com",
        "name": "A user"
      }
    },
    "summary": "",
    "timestamp_completed": null,
    "timestamp_created": "2017-02-02 10:18:12.833949+00"
  }

After processing, the field "timestamp_completed" is set to the time at which processing was completed, and the "summary" field contains a summary of the records found and processed:

  {
    "action": "anonymise",
    "comment": "Some comment",
    "id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
    "identities": [
      {
        "hashed_email": "3af31748a10ef8bd28ce7620c25fe18d@anonymous.ometria"
      }
    ],
    "source": {
      "api_request_id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
      "origin": "api",
      "user": {
        "email": "user@user.com",
        "name": "A user"
      }
    },
    "summary": "1 contact record anonymised, 15 events anonymise",
    "timestamp_completed": "2017-02-04 10:18:12.833949+00",
    "timestamp_created": "2017-02-02 10:18:12.833949+00"
  }

Rate limiting

Note that the GDPR data anonymization request is designed for requests raised by individuals. It is not designed for large-scale data deletion. As a result, the API is rate limited to a maximum of 1 request per second.
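
The following is an added example, not Ometria's own code: a small Python client that submits a handful of individual requests and checks their status while staying within the 1 request per second limit. The names Throttle, http_call, submit, is_processed and pending_ids are hypothetical, and the transport is passed in as `call(method, url, body)` (for real use, `functools.partial(http_call, token)`) so the pacing logic can be exercised without network access.

```python
import json
import time
import urllib.request

API_URL = "https://api.ometria.com/v2/data-deletion-request"  # endpoint from the page
MIN_INTERVAL = 1.0  # seconds; the page states a limit of 1 request per second


class Throttle:
    """Blocks so that consecutive calls are at least MIN_INTERVAL apart."""

    def __init__(self, clock=time.monotonic, sleep=time.sleep):
        self.clock, self.sleep, self.last = clock, sleep, None

    def wait(self):
        now = self.clock()
        if self.last is not None and now - self.last < MIN_INTERVAL:
            self.sleep(MIN_INTERVAL - (now - self.last))
            now = self.clock()
        self.last = now


def http_call(token, method, url, body=None):
    """Real transport: sends one request with the X-Ometria-Auth header."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Content-Type": "application/json", "X-Ometria-Auth": token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def submit(email, comment, call, throttle):
    """POST one anonymization request and return the request ID."""
    throttle.wait()
    body = {"email_address": email, "action": "anonymise", "comment": comment}
    return call("POST", API_URL, body)["id"]


def is_processed(status):
    """A request is processed once timestamp_completed is set."""
    return bool(status.get("timestamp_completed"))


def pending_ids(request_ids, call, throttle):
    """Return the IDs whose status still shows no completion timestamp."""
    pending = []
    for rid in request_ids:
        throttle.wait()
        if not is_processed(call("GET", f"{API_URL}/{rid}")):
            pending.append(rid)
    return pending
```

Sharing one Throttle instance between submit and pending_ids keeps the combined POST and GET traffic under the limit, and keeping the returned IDs lets you confirm each request completed within the 14-day processing window.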