Data Deletion Procedure

A perennial topic among the data protection issues is the deletion of personal data.

Drafting and implementing a Data Deletion procedure (DIN 66398)

Digitalization of business processes produces a vast amount of personal data like client logs, newsletter click rates, consent documentation as well as other data types and categories affecting all departments of a company such as the HR or the marketing department. Digitalization of business processes produces a vast amount of personal data like client logs, newsletter click rates, consent documentation as well as other data types and categories affecting all departments of a company such as the HR or the marketing department.

What does Data Deletion mean?

Whereas the processes to collect, store, review and assess data have reached a considerably high level of maturity, the question of deletion remains unanswered and unaddressed in many companies.

Companies have an obligation to delete personal data once they are no longer required for the purposes, they have been collected for according to Art 5 para. 1 lit. e of the General Data Protection Regulation (GDPR) and they need to be able to answer the following questions:

• Where is the data stored?
• Who is responsible for the deletion?
• When does it have to be deleted?
• And – most importantly: How is it going to be deleted?

Organizations are expected to demonstrate compliance with the storage limitation principle and the right to be forgotten by deleting the data according to the relevant legal requirements and the retention periods for each data category.

What we do for our clients

We support our clients by constructing a retention and deletion procedure, in which we:

• Identify the global Standard Procedures for archiving and retention periods;
• Take into account legal retention obligations and guidelines;
• Take into account country specific deviations;
• Determine and map the relevant data categories and data objects;
• Determine and map the relevant retention periods;
• Determine a customized implementation process.

 

FIRST PRIVACY supports, guides and advises all the way from the mapping of data sources, through the identification of data categories to the implementation and the technical requirements of the deletion process in an efficient and minimum time-consuming way possible.

Our deletion procedure gives you a compliant, time-saving, convenient and customized solution tailored to the business’ specific requirements together with our valuable guidance in setting your deletion concept in your organization every step of the way.