How to handle data deletion requests across automated flows?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Someone just submitted a deletion request and they're actively enrolled in three of your automated flows. Now what? This is one of those moments where moving fast matters, but moving correctly matters more.
A data deletion request (under GDPR's Right to Erasure, CCPA, or similar laws) isn't just about removing someone from a list. It means wiping their profile, halting active automations, and making sure they can never accidentally re-enter a flow because of a leftover trigger or synced data source.
Here's how to work through it properly.
Step 1: Exit them from all active automations immediately. Don't wait for the current flow to reach a natural endpoint. Pull them out now. Any scheduled or queued emails tied to that contact need to be cancelled too. If your platform has a "pause" option, that's not enough. You need a hard exit.
Step 2: Delete their profile and behavioral data. This means contact record, activity history, event triggers, custom field values, and any stored behavioral data your platform used to enroll them in flows in the first place. In platforms like Klaviyo, HubSpot, or Braze, there are dedicated deletion APIs or GDPR compliance panels. Use those, not just the "delete contact" button, which often leaves behavioral logs behind.
Step 3: Keep a suppression record, but only a suppression record. This is the one thing you should retain. Store a hashed version of their email address on your suppression list. That hash is what prevents them from re-entering your automation if their email shows up again through a form fill, a CRM sync, or an imported list. It contains no personal data, just a barrier.
Step 4: Block re-entry at the trigger level. Even with suppression in place, check your automation entry triggers. If a purchase, a sign-up, or a data import can re-enroll someone, you need suppression logic sitting before that trigger fires. Some platforms handle this automatically once a contact is marked as suppressed. Others don't. Check yours.
Step 5: Propagate the deletion to connected systems. Your ESP rarely holds all the data. If you're syncing with a CRM, a data warehouse, a loyalty platform, or a third-party analytics tool, the deletion has to travel to all of them. One connected system that still holds the profile can re-sync the contact back in without anyone noticing.
Step 6: Document everything. Record the date and time the request came in, what actions were taken, and when the deletion was confirmed. Most privacy regulations give you a response window (30 days under GDPR). Your documentation is what proves you hit it. Keep this in your compliance log, not just your ESP activity feed.
One thing worth checking now, before the next request arrives: does your platform offer a proper deletion workflow or just manual contact removal? If it's the latter, you might want to look at how suppression data syncs in real-time across your stack. Catching a gap before a deletion request arrives is a lot less stressful than patching it after.
And if your setup is complex or you're not sure whether your current process is actually compliant, our SOS hotline is free and there's no pitch attached. Just ask us and we'll walk through it with you.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.