Klaas is right, it depends on the app and data you have. Is it interesting to keep it? Anonymize. If not, just delete it. I do have self-service deletion on all apps, it's a relatively small feature and saves you the tickets.
I have consumer apps and B2B apps, and deletion requests happen on both sometimes (far less on B2B), even with the self-service option.
For consumers I delete everything user identifying outright if they are making a personal request, except for financial stuff (for proof) - I keep those for 6 months, then auto prune. That's just in case they do a chargeback.
I have interesting data coming from the #whatpulse software - like used hardware peripherals, application versions and hashes, and more. Data that's useful even without attached users. That I anonymize.
There are also these services like saymine.com which automate requests via emails that'll send whenever they find a service in the users inbox. Irregardless of whether the user has already deleted their account. I find those so bloody annoying and lazy, I have auto responders set up to redirect the user to the self-service account deletion page. I know that's probably against the GDPR/CA/etc rules, but I don't care. 😉
Klaas is right, it depends on the app and data you have. Is it interesting to keep it? Anonymize. If not, just delete it. I do have self-service deletion on all apps, it's a relatively small feature and saves you the tickets.
I have consumer apps and B2B apps, and deletion requests happen on both sometimes (far less on B2B), even with the self-service option.
For consumers I delete everything user identifying outright if they are making a personal request, except for financial stuff (for proof) - I keep those for 6 months, then auto prune. That's just in case they do a chargeback.
I have interesting data coming from the
#whatpulse software - like used hardware peripherals, application versions and hashes, and more. Data that's useful even without attached users. That I anonymize.
There are also these services like saymine.com which automate requests via emails that'll send whenever they find a service in the users inbox. Irregardless of whether the user has already deleted their account. I find those so bloody annoying and lazy, I have auto responders set up to redirect the user to the self-service account deletion page. I know that's probably against the GDPR/CA/etc rules, but I don't care. 😉