GDPR Right to Erasure in a Composable CDP: Why 'Delete' Is Harder Than It Sounds

Angle

A composable CDP stack syncs customer data from the CDW to dozens of downstream destinations via reverse-ETL. When a GDPR Article 17 erasure request arrives, the obligation cascades to every destination that received that data — and each requires independent deletion verification. Packaged CDPs handle cascade-delete within their own ecosystem; composable stacks leave it to the customer. The article maps when each architecture makes erasure manageable vs. a permanent operational fire drill.

Key decision this helps with

How does your CDP architecture affect the operational cost and audit-readiness of GDPR Article 17 erasure compliance?

Tradeoffs the article will map

• Composable CDP activation flexibility vs. cascade-delete complexity at erasure time
• Packaged CDP erasure automation vs. closed-ecosystem lock-in as the compliance cost
• Audit trail built into CDW lineage vs. destination-by-destination deletion tracking overhead

Open questions / uncertainties

• GDPR Article 17 third-party notification obligations for reverse-ETL destinations are not uniformly interpreted — whether 'without undue delay' applies to each destination sync cycle is unresolved in DPA guidance
• Whether CDW-side soft-delete (tombstone flag) satisfies Article 17 for activated downstream copies is jurisdiction-dependent

Knowledge-graph nodes this draws from

• constraint.gdpr-right-to-erasure
• capability.reverse-etl
• concept.composable-cdp
• vendor.hightouch
• vendor.census