How to Automate Responding to GDPR Data Removal Request Emails

Automate responding to GDPR Data Removal Request emails

Do you receive emails from your website users with the subject “Data Removal Request” that look like this?

I hereby withdraw my consent for you to collect, process or store any
personal data related to, and belonging to
Pursuant to my rights under Article 17 GDPR I request that you delete
any and all related data.

Thank you!

These data removal request emails are sent on behalf of your users when they sign up for a third party “unsubscribe” tool. This tool works by scraping your emails for signup confirmations from different services providers. I’ll ignore the huge problem with giving a random tool full access to read your emails. However what happens when you, as a website operator, receive one of these automated data removal request emails?

If you’re like WakaTime, you’ve already provided a way for users to delete their account and all related data even before GDPR. However, you still have to manually read and reply to automated GDPR emails even if it’s just to point them to your data removal page.

Let’s fix this by auto-responding to GDPR emails using Gmail Filters and Canned Responses!

Note: I’m not a lawyer, and it’s possibly safer to just never respond. Use at your own risk.

Here’s the email WakaTime auto-replies with after receiving a GDPR Data Removal request:

Hi there,

WakaTime cares about your privacy, but we can not comply to delete accounts
via email as that is very insecure. Deleting your WakaTime account removes
all personal data related to your account, sending us an email does not.

To delete your account and all related personal data, go here:

Best Regards,
Your WakaTime Team

To set this up for your website, first enable Canned Responses in your Gmail.

Gmail canned responses setting

Next, compose an email as if you were replying to a GDPR request. Instead of sending the email, save it as a Canned Response.

Gmail save canned response

Now that you have the canned response, search your Gmail for:

article 17 gdpr I request that you delete any and all data related to

Create a Gmail filter

Finally, configure your filter to skip your inbox and send your canned GDPR response.

Auto respond with canned response

From now on you won’t be bothered by GDPR Data Removal Request emails so you can focus your time and energy on building a useful product!

Tags in this article: