GDPR Data Subject Erasure Flow
Receives a data subject erasure request via Forms, searches Salesforce for matching records by email, routes for legal approval, deletes all matching records on approve, logs the erasure to Dataverse, and emails confirmation.
Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.
Overview
This flow automates GDPR Article 17 (Right to Erasure) compliance end-to-end. When a data subject submits a Microsoft Forms erasure request, the flow searches Salesforce for matching records, routes the request through a legal approval gate, permanently deletes the approved records, writes an immutable audit entry to Dataverse, and confirms outcome to the requester by email.
Trigger: Microsoft Forms — when a new response is submitted Primary Salesforce Action: DeleteItem (target object hard-coded to Contact per FlowLibs schema-binding standard) Audit Log Target: Dataverse custom table flowlibs_gdprerasurelog
Use Case
Regulated organisations must honour GDPR Article 17 requests within 30 days, prove chain-of-custody on deletions, and route the decision through a legal reviewer. Manual handling is high-risk: records get missed, approvals go unlogged, and confirmations don't send. This flow collapses the full workflow into one automation — intake, search, approval, execute, audit, notify — with no human data-handling after submission.
The flow is ideal for teams that:
- Data subject submits a Right to Erasure request via your public-facing Microsoft Form
- Compliance team needs an immutable audit log of every erasure decision
- Legal must sign off before any destructive Salesforce action runs
- Requester must receive automated confirmation (or rejection with reason) within hours, not days
Flow Architecture
When a new GDPR erasure request is submitted
Microsoft Forms - CreateFormWebhookWebhook on the form referenced by env var `flowlibs_GDPRErasureFormId`. Fires whenever a new response is submitted.
Initialize variables (six parallel actions)
Initialize VariableSix parallel `InitializeVariable` actions read env vars into scoped variables: Salesforce object type, approver email, notification CC, Salesforce instance URL, Salesforce API version, and a deleted-records counter.
Get Erasure Request Response Details
Microsoft Forms - GetFormResponseByIdPulls the full form response by `responseId` from the webhook payload.
Compose Requester Email
ComposeCoalesces `body/responder` to a safe fallback (`unknown@unknown.com`) if the field is missing.
Compose SOQL Query
ComposeBuilds a parametric SOQL `SELECT Id, Name, Email FROM {Object} WHERE Email = '{requester}'` using the Salesforce object env var.
Search Salesforce For Matching Records
Salesforce - ExecuteSOQLQueryExecutes the composed SOQL query via the slash-path `queryParameters/query` parameter and returns matching records.
Compose Record Count
ComposeCounts matching records using `length(coalesce(..., createArray()))` to guard against null result sets.
Start and Wait For Legal Approval
Approvals - StartAndWaitForAnApprovalBasic approval assigned to `varApproverEmail`. Approval details include requester email, Salesforce object, matching record count, and a link back to Salesforce.
Environment Variables
| Schema name | Type | Default | Description |
|---|---|---|---|
| flowlibs_GDPRErasureFormId | String | <configure> | Microsoft Forms form GUID the trigger listens to. Set to the GUID of your public-facing GDPR erasure intake form. |
| flowlibs_ApprovalAssignedToEmail | String | <configure> | Legal reviewer's email for the approval gate. Set to the mailbox or distribution list responsible for approving erasures. |
| flowlibs_NotificationEmailAddress | String | <configure> | CC address on all outbound emails (privacy office / compliance mailbox). |
| flowlibs_SalesforceObjectType | String | Contact | Salesforce object used in the SOQL FROM clause and display fields (e.g., `Contact`, `Lead`, `Account`). |
| flowlibs_SalesforceInstanceUrl | String | <configure> | Salesforce instance base URL used as the approval `itemLink` (e.g., `https://myorg.lightning.force.com`). |
| flowlibs_SalesforceApiVersion | String | v59.0 | Salesforce REST API version written into the audit log notes (e.g., `v59.0`). |
Connectors & Connections
| Connector | API name | Actions used |
|---|---|---|
| Microsoft Forms | shared_microsoftforms | CreateFormWebhook (trigger) GetFormResponseById |
| Salesforce | shared_salesforce | ExecuteSOQLQuery DeleteItem |
| Approvals | shared_approvals | StartAndWaitForAnApproval |
| Office 365 Outlook | shared_office365 | SendEmailV2 |
| Microsoft Dataverse | shared_commondataserviceforapps | CreateRecord |
Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.
Customization Guide
Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.
- Change the Salesforce target object
- Edit Delete_Salesforce_Record and change table from Contact to your target object. Also update the env var flowlibs_SalesforceObjectType default to match. Note: the SOQL FROM clause reads from the env var dynamically; only the DeleteItem table parameter is hard-coded, per FlowLibs standard.
- Change the Dataverse audit table
- Edit Log_Erasure_To_Dataverse and change entityName from flowlibs_gdprerasurelogs to your target collection logical name. Per FlowLibs standard, this value must be hard-coded at the connector action — never variable-driven.
- Add more SOQL fields
- Edit Compose_SOQL_Query to add columns to the SELECT clause. Downstream items (email body, audit log notes) reference Name and Email — update those Compose/email body expressions if you rename columns.
- Change the approval type
- Start_And_Wait_For_Legal_Approval uses approvalType: "Basic". To require multiple approvers, switch to "EveryoneMustApprove" or "FirstToRespond". Update the If condition's outcome string accordingly (Approve for Basic; Approve/Reject at any approver level for parallel types).
- Add a retention / cleanup policy
- This flow does not delete audit log entries. Pair with a scheduled cleanup flow against
Key Expressions
The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.
EXPR.01Requester fallback
Safe fallback if the form responder field is missing — keeps downstream SOQL and email actions from failing on null.
EXPR.02Dynamic SOQL
Builds the SOQL query at runtime from the configured Salesforce object env var and the requester email.
EXPR.03Record count (null-safe)
Coalesces a null records array to an empty array before measuring length — used in approval body and condition logic.
EXPR.04Rejection comments coalesce
Pulls the first approver's comments off the approval response, falling back to a friendly placeholder when blank.
Comments
Sign in to join the conversation.
Sign inNo comments yet. Be the first to share your experience with this flow.