The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) define that consumers/data subjects have the right to view, update, extract and delete data that controllers & businesses have saved on them. When a consumer/data subject exercises their rights, they create a data subject request (DSR). This page will guide you through mParticle’s support for handling DSRs for both GDPR and CCPA.
The GDPR defines three entities involved in data collection, with different rights and responsibilities:
- Data Subject - A person whose data is gathered. Generally a user of your app.
- Data Controller - An entity gathering the data. mParticle provides tools for Data Controllers to fulfill their obligations under the GDPR.
- Data Processor - An entity that handles or stores data for the Data Controller. Under the GDPR, mParticle acts as a Data Processor.
The reason why an Access or Portability request is getting a 4XX error is that the download link has expired and it needs to be regenerated.
The link remains valid for 7 days. Attempting to access the download link after that time will result in a 4XX
HTTP response.
To learn more, please visit our docs.