How do I perform GDPR-compliant requests in MadKudu?

  • Updated on Nov 11, 2024
  • Published on Oct 9, 2024
  • 2 minute(s) read

Under the General Data Protection Regulation (GDPR), an individual saved as a contact in MadKudu contacts database has the right to request for certain actions to be performed on the personal data you have about them. To keep to our commitment to GDPR readiness, we offer the ability to:

  • Delete records: The GDPR requires permanent deletion of their contact record from your database, including email history, form submissions, and other engagement data and activity. This includes removing all data keyed by that email address from all storage mediums that don’t automatically expire data within 30 days. This includes archives, databases, and staging environments.

  • Modify incorrect or inaccurate data: The GDPR empowers individuals to correct any personal data that is deemed inaccurate or incomplete. In MadKudu, if the end-user asks you to change her information, we can do so from within her contact record.

  • Retrieve user-specific data: Under the GDPR, end users have a right to access their personal data and are entitled to obtain their personal data in a commonly used, structured format, such as a CSV file.

Requests are typically responded to within 30 days.

How to make GDPR requests

Get records deleted via CSV upload in MadKudu App

Pre-requisites

  • You are a customer of MadKudu

  • Have the Admin rights to the MadKudu app

Step by Step

  • Log in to the MadKudu app

  • Go to the Settings > Privacy. This section will only be visible if you have sufficient Admin access rights.

  • Upload a CSV of the emails you would like to delete from the MadKudu database. Your file should have a CSV extension.

  • Click "Delete Records" in the pop-up to validate the operation.

  • Once your file has been processed, you will receive an email informing you of the correct deletion of the records from the MadKudu database.

*Please note: Once the email is deleted, this cannot be undone.*

Get records deleted via MadKudu GDPR deleted

To use Privacy requests endpoint, start by authenticating with your API key located in your account. Go to Settings > Integrations > API 
Use this API doc for authentication instructions: https://developers.madkudu.com/#introduction

The API offers 2 options: sending a CSV file or an array of emails.

Option 1: CSV file

API Endpoint: https://api.madkudu.com/v1/gdpr/file -> Submit a csv file containing emails, using the csv file format suggested above.

Example using cURL:

curl --location --request POST '<https://api.madkudu.com/v1/gdpr/file>' \\
-header 'Authorization: <BASIC_TOKEN>' \\
-form 'csv_file=@"/Users/user/Desktop/gdpr_csv_test.csv"'

Option 2: Array of emails

API Endpoint: https://api.madkudu.com/v1/gdpr/array -> Submit an array of emails in json format.

Example using cURL:

curl --location --request POST '<https://api.madkudu.com/v1/gdpr/array>' \\
-header 'Authorization: <BASIC_TOKEN>' \\
-header 'Content-Type: application/json' \\
-data-raw '["test+1@madkudu.com","test+2@madkudu.com"]'

Expected responses:

202 Accepted 400 Bad Request

For other types of requests

For requests other than record deletion, you can use our online form -> MadKudu’s data privacy management form.

At this form:

  1. Enter your email address with a valid company domain.

  2. Enter the email address of the contact record you would like to perform the request on.

  3. Select the appropriate GDPR-compliant action you would like to perform on the selected personal record.

    • For requests to Modify, enter a description on what needs to be changed.

  4. Then, click Submit Request.