I helped build a system for privacy compliance at a large non-faang tech company. Honestly 19 days seems crazy but this is what we dealt with:
It’s 2018 and you have to bolt this mass export/delete on every stateful service in your company. Many of these are “critical” services that are not actively worked on and have a very limited maintenance budget. That is, some team with a lot of existing responsibilities absorbed it along the way and they have no bandwidth for it.
So in some cases their mechanisms for retrieval/deletion were pretty egregious and so we agreed on a rate limit and we would queue these requests up and handle all of the paperwork. You get 30 days to comply and if you need another 30 all you have to do is send an update within the first 30.
So, quite possibly, they have a rate limit and a queue on at least a handful of backend services and it truly truly does not matter as long as the queue is under 60 days.
It’s 2018 and you have to bolt this mass export/delete on every stateful service in your company. Many of these are “critical” services that are not actively worked on and have a very limited maintenance budget. That is, some team with a lot of existing responsibilities absorbed it along the way and they have no bandwidth for it.
So in some cases their mechanisms for retrieval/deletion were pretty egregious and so we agreed on a rate limit and we would queue these requests up and handle all of the paperwork. You get 30 days to comply and if you need another 30 all you have to do is send an update within the first 30.
So, quite possibly, they have a rate limit and a queue on at least a handful of backend services and it truly truly does not matter as long as the queue is under 60 days.