Beacon makes it easy to store and work with all the wonderful contacts that make your organisation possible. But that doesn't mean you'll keep every contact forever!
This article looks at the common reasons you might be removing contacts, and best-practice for how to manage their data and the data related to them.
Reasons to delete data
The most common reasons that you'll be looking to remove someone's data are:
They've passed the timeframe for your data retention policy
They're no longer useful contacts to be storing
They've asked to have some or all of their data removed from your records, also known as a 'right to be forgotten request' or 'right to erasure request'
Additionally, you may be looking to remove them completely, or only particular data such as personally identifiable information (PII).
Data retention: Selecting records to delete
Most organisations will want to regularly review the records that they're keeping, and delete those that have been deemed not to be required, especially accoring to your data retention policies.
Whilst we can't tell you what your policy should be, we do have some tips and considerations for you!
Create a saved view with filters to identify those who are up for removal
It means you can create a (possibly complex) series of filters to really identify the contacts you don't need, and easily review them prior to deletion.Resist the temptation to be overly simplistic
For example, deleting everyone who you don't have marketing consent for, or those who haven't ever donated.
A contact can be valuable for all sorts of reasons!
If someone has been attending your events for a couple of years, and then decides to donate, that's an important history to be able to see so that you can steward them accordingly. If you'd deleted them before their donation then they'll look like someone brand new to your charity!Tip: Really think about why you're removing your contacts. There is an allure to reducing costs which, whilst absolutely a consideration, can lead to pruning important data that will help you to better steward your supporters in the future.
Keeping it clean and tidy is important, but your data is valuable and hard come-by!
Consider all the different ways that someone interacts with your charity
You may have many different touchpoints that would mean someone is still relevant to you.
For example: A payment, an event attendance, on your mailing list, a beneficiary, associated with a corporate partner, a member, has had a phone call/meeting/email with your staff, etc.
If a touchpoint or interaction is relevant, add a filter for it to make sure people with those records aren't in your list.
You'll likely make liberal use of 'Number of Related ... is 0' filters!
Different interactions may have different timeframes
Each touchpoint might have different timescales that would make it relevant.
For instance you might want to keep anyone who's made a donation in the last 7 years, but only keep someone who's only attended an event in the last 3. Or you'll want to keep anyone with an active membership, and perhaps 4 years after they're no longer a member.
Before removing any data, spot-check your list
Make your view available to your whole team and ask them to check that there isn't anyone there that really should be kept.
You can also select a variety of records at random to check their information to find any scenarios you hadn't accounted for in your filters yet, and you can then tweak the filters accordingly.
Removing the data
There are two main approaches to removing data from Beacon in these scenarios:
Deleting People records is by far the simplest and cleanest approach, but there may be circumstances where you want to retain some data on People and instead 'anonymise' them.
Recommended approach: Delete person permanently
Our recommendation for when you're looking to completely remove someone from Beacon is simply to permanently delete their Person record. This ensures that their personal information completely removed from your account.
Deleting a Person won't delete any of their related records; this is good, as you'll likely want to keep some of it! For example you probably want to keep someone's payments even if you're deleting the payer. For others, there may be further data to remove.
Tip: Where you do need to, you should delete information in any related records before deleting the Person record, as otherwise it will be very hard to find them!
Note: Permanently deleted People records will naturally no longer count towards your contact limit in Beacon. Bonus! 🙌
Handling related records
Whilst deleting the Person records will delete any personal data stored on that record, there may still be information on Alexa's related records that should also be removed.
Some of these can also simply be deleted. For example, we recommend permanently deleting any Activity records for the person - such as emails, phone calls, meetings, and notes - as they are highly likely to include personally identifiable information.
For any records that you would like to keep, where there is data in fields that you need to remove, there are two scenarios:
Data in point to another record fields (the field linking the record to the Person, such as 'Payer' on a Payment, or 'Member' on a Membership)
Data in any other fields
Point to another record fields
Point to another record fields reference the record that they're pointing at, so will automatically lose that information when the linked record is permanently deleted.
For example, a Payment from Alexa would normally show Alexa's linked Person record:
If we delete Alexa's Person record permanently, we'd not only see that there is no longer a reference to her as the payer, but reference to her has also been removed from the record's timeline. There's no way to know who the original payer was. Perfect!
Data in other fields
If you have personally identifiable information in other fields (such as the notes field on a Payment or a Case) then you would need to:
Remove the data from the field
Get an admin user to delete the audit logs that also show that information
Alternative option: 'Anonymise' the person record
Occasionally, you will need to keep the Person record and instead just remove some of the data so that you can:
Fulfil legal requirements (such as name and address for 6 years for Gift Aid)
Maintain anonymous or reporting data about the person that is not PII (such as their total donations, their demographics, etc.)
In these scenarios, you will want to remove any non-required data from the fields on People. You'll also need to remove it from the timeline, which will still show the audit logs of changes to the record.
Remove the data from the relevant fields (e.g. name, email, phone, etc.)
Get an admin user to delete the audit logs that also show that information
Tip: It can be a good idea to add some information to the record's 'Notes' field about the action you've taken, and why. For example: noting that it came from a right to erasure request on a particular date.
Note: Since we haven't deleted the Person record, they will naturally still count towards your contact limit in Beacon. If it's no longer useful, consider deleting it instead.
Handling related records
Because we've not deleted the Person record, all related records are still connected to it. If you've deleted the person's 'Name' they will show as linked to an "Unknown" Person record in any point to another record fields.
It's a good idea to consider which related records can simply be deleted. For example, we recommend permanently deleting any Activity records for the person - such as emails, phone calls, meetings, and notes - as they are highly likely to include personally identifiable information.
For any related records that you'd like to keep, if you have personally identifiable information in their fields (such as the notes field on a Payment or a Case) then you would need to repeat what you did on the Person:
Remove the data from the field
Get an admin user to delete the audit logs that also show that information
Frequently asked questions
Does the GDPR or UK GDPR specify a timeframe that we should keep data?
No. The GDPR and UK GDPR focus on the principle that data is kept for no longer than is necessary for the purposes for which it was collected, but don't offer any specific timeframes that should be applied.
How long each organisation keeps data is highly personal, and we recommend speaking to a data security or privacy expert for advice.