Hi. We're on D365 Online CE v9x classic interface.
I'm investigating how to implement our contact retention policy as part of GDPR data compliance.
This involves identifying contacts that fit certain criteria, so we can look at deleting them.
The criteria are rather complex: contacts with cases over 3 years old, no open cases, no complaints under 10 years old.
I'm going to investigate whether we can use Power BI to create a report that looks at all these criteria, but I'd be glad to hear from anyone else who has already looked into how to manage contact retention and has any advice.#CustomerEngagement#Admin#DataManagement
Information rights, my fav subject :D There are multiple ways to do this and I have implemented various options. I've provided some rough notes on options and things to consider:
The simplest is a Ready for Deletion (RfD) field - you will likely need one regardless it could be a option set or a date field.
Any bulk delete jobs should then be run looking for this flag (or similar) - don't try and implement the retention rule logic in the bulk delete.
You can manually, or using Power Automate run queries to set the RfD.
There should be a break between setting RfD and the bulk delete (7 or 14 days)
The RfD can also be used for manual deletions (oops i didn't mean to create that) it means you can remove the delete privilege and add a bogus delete button which simply sets the RfD. Believe me, when you get the call for "Erm, I think I've just deleted 250 records" you will be glad of the deception.
You could use a calculated field for the RfD although this would probably only work in simple situations, eg delete 2 years after last modified.
An other option is to create a retention rule entity(RRE), in which you set the retention schedule, this means you do not need to define all the retention rules up front. You can then tag records with the retention rule, and (possibly with the use of calculated fields) work out when it should be deleted.
Generally I have never had a requirement to apply retention to contacts on their own, ie the contact goes when the last related record goes. It comes across as a "just in case" retention which is not really compliant with GDPR. So I would possibly favour applying any retention rules to your cases and complaints, then updating orphaned contacts.
The RRE could be tagged on cases on resolution, eg case type enquiry or complaint.
Another thing to consider is which, if any, is the vital record to apply retention to. Eg it could be difficult to ensure all emails, cases and contacts records are deleted on the same day, so if the important part is for the contacts to be gone spot on 2 yrs after the last interaction, then you may have to start getting rid of the child records a few days before.
Things get a bit more complicated where different departments are using contacts for different purposes, but it is just a case of building out the above points.
Happy to chat further
If you've found this thread useful, dive deeper into User Group community content by role