Delete My Data!

Over the years, I have been asked by people to delete their data from my system because they don't want to be contacted again.

This is referencing two distinct data rights:
1) Right to be deleted (erasure) - GDPR Art. 17, CCPA §1798.105
2) Right to opt out - GDPR Art. 21, CAN-SPAM, TCPA, CCPA opt-out

The problem is that these two rights conflict in practice when applied literally.
- If I delete you fully from my CRM, it is very likely that you will show back up as a new lead at some point and we will failed to opt you out.
- If I keep you in my system marked as DO NOT CONTACT, then I have failed to honor your right of erasure.

In practice, I think the best solution is only retain a "suppression record" by deleting everything from the CRM about the contact exact for the information you need to ensure that they are not contacted again in the future.

Finally, it is very difficult and frustrating for people when you try to explain this to them. A better response is something like:

“We’ve deleted your personal information from our active systems and retained only the minimal data needed to ensure we never contact you again. This is the standard method for honoring both deletion and do-not-contact requests.”

How have you handled these kinds of requests respecting the data rights of your prospects as well as being compliant with applicable laws?