Data protection by design and by default
For Salesforce customers this article is generally the most challenging to understand. It covers a number of different privacy rights such as the right to revoke consent, view/access/obtain their personal information and in some cases, right to erasure. Where applicable information must be given on who the data controller and data protection officer is.
Business processes and measures are required to support pseudonymization, commonly referred to as de-identification or anonymization of customer information. Having a simple process to comply with the right to view/access/obtain information is also critical.
Manual: Build a flow process or apex to delete or anonymize requested customer data