Api Key Rotation Workflow
API key rotation workflow with new key generation, dual-key transition period, client notification, old key deprecation, and audit logging.
Gdpr Deletion Workflow
GDPR data deletion workflow with identity verification, data inventory scan, PII removal across systems, backup purging, and deletion confirmation.
Full FlowZap Code
DataSubject { # Data Subject
n1: circle label:"Start"
n2: rectangle label:"Submit erasure request"
n3: rectangle label:"Verify identity via email"
n4: rectangle label:"Receive confirmation"
n5: circle label:"End"
n1.handle(right) -> n2.handle(left)
n2.handle(bottom) -> DPO.n6.handle(top) [label="Request received"]
n3.handle(bottom) -> DPO.n9.handle(top) [label="Identity confirmed"]
n4.handle(right) -> n5.handle(left)
}
DPO { # Data Protection Officer
n6: rectangle label:"Log request in register"
n7: rectangle label:"Send identity verification"
n8: diamond label:"Identity verified?"
n9: rectangle label:"Approve deletion request"
n10: rectangle label:"Reject with explanation"
n6.handle(right) -> n7.handle(left)
n7.handle(top) -> DataSubject.n3.handle(bottom) [label="Verify"]
n8.handle(right) -> n9.handle(left) [label="Yes"]
n8.handle(bottom) -> n10.handle(top) [label="No"]
n9.handle(bottom) -> DataSystems.n11.handle(top) [label="Execute"]
n10.handle(top) -> DataSubject.n4.handle(bottom) [label="Denied"]
}
DataSystems { # Data Systems
n11: rectangle label:"Query all data stores"
n12: rectangle label:"Delete from primary database"
n13: rectangle label:"Remove from analytics"
n14: rectangle label:"Purge from backups"
n15: diamond label:"Third-party data shared?"
n16: rectangle label:"Send deletion requests to partners"
n17: rectangle label:"Generate deletion certificate"
n11.handle(right) -> n12.handle(left)
n12.handle(right) -> n13.handle(left)
n13.handle(right) -> n14.handle(left)
n14.handle(right) -> n15.handle(left)
n15.handle(right) -> n16.handle(left) [label="Yes"]
n15.handle(bottom) -> n17.handle(top) [label="No"]
n16.handle(bottom) -> n17.handle(left)
n17.handle(top) -> DataSubject.n4.handle(bottom) [label="Complete"]
}Why This Workflow?
GDPR "right to be forgotten" requests must be fulfilled within 30 days or face fines up to €20M. This workflow ensures complete PII removal across all systems with proper verification and audit trails.
How It Works
- Step 1: Deletion request is received and identity is verified.
- Step 2: Data inventory scan identifies all systems containing the user's PII.
- Step 3: PII is removed from production databases, backups, and third-party systems.
- Step 4: Backup purging is scheduled according to retention policies.
- Step 5: Deletion confirmation is sent to the user with summary of data removed.
- Step 6: Audit log is retained for compliance documentation.
Alternatives
Manual GDPR deletion using spreadsheets is error-prone and slow. Privacy tools like OneTrust or BigID cost $50K+/year. This workflow helps companies visualize their data deletion process.
Key Facts
| Template Name | Gdpr Deletion Workflow |
| Category | business-operations |
| Steps | 6 workflow steps |
| Format | FlowZap Code (.fz file) |
Related templates
Consent Management Workflow
User consent management workflow with cookie banner, preference center, consent recording, downstream system sync, and audit trail.
Ab Test Setup Workflow
A/B test setup workflow with hypothesis definition, variant creation, traffic allocation, statistical analysis, and winner deployment.
Account Deletion Workflow
Account deletion workflow with cancellation reason capture, retention offer, subscription termination, data cleanup, and confirmation email.
Billing Dispute Workflow
Billing dispute workflow with dispute intake, transaction review, fraud analysis, resolution decision, and chargeback response handling.
Cohort Analysis Workflow
Cohort analysis workflow with user segmentation by signup date, retention curve calculation, LTV projection, and behavioral pattern identification.