Customizing Your Business Rules Through DSR Customization

Define what can be returned and deleted across your 3rd party integrations

For each Integration you connect to Ethyca, you will set up the associated DSR Customization. In the Control Panel, we then visualize all personal data and information available from each vendor's API, so you can determine what data to return to users, how to label that information for clarity, and what is necessary to erase.

Returning data from your 3rd party systems

To complete this exercise, you'll first want to define what a User Can Download by checking the box next to each relevant field. If you check the box in "User Can Download" that data will be included in the data subject request package whenever they submit a "Download My Data" in your Privacy Center. If you do not check off the box, data will not be returned the user

To make any customizations to the labels in the download package, you can type in edit the "Custom Label" field.


Erasing data from your 3rd party systems

If you select "User Can Erase", that field of data will be removed from the corresponding system.


When selecting the erasure option, it is important to think about the business implications of deleting data. For example, you may be required to retain your customer's personal information for certain legal requirements (i.e. tax laws, warranties, loans, fraud prevention). We recommend consulting with your legal team and business owners when defining where data can be deleted across your organization.


Why can't I uncheck certain ids?

  • Certain ids are not editable as they allow for Ethyca's integration to functionally collect and delete data across a wide variety of systems

How come some integrations do not have a deletion option available?

  • If there is no deletion option available, the vendor did not provide an API for erasing those fields in their system

Do I have to return the same fields of information across every system (i.e. email, address, first name), or do I only have to return it once?

  • You may fully deduplicate the dataset (i.e. if a subject's email address lives across Shopify and internal databases - you only need to return it once!).

Why does Ethyca include more than just personally identifiable information from each system?

  • Ethyca returns both personally identifiable information (PII) and personal data. PII refers to any information that can be used to distinguish one individual from another. However, GDPR and other regulations define personal data more broadly i.e. any information that relates to an identifiable, living individual.


If you have any questions about your account, please reach out to [email protected] for support.