Right to be forgotten – what if data CANNOT be deleted?
Right to be forgotten (RTBF) requires organizations to delete customer data upon the data subject's request.
But what happens in cases where data CANNOT be deleted for technical reasons?
The idea behind Article 17 of GDPR (right to be forgotten) seems fairly straightforward: if a customer asks to be deleted, the organization must do so. But in reality, deleting data subject information is not always easy, and sometimes even impossible.
Take, for example, big data environments in which data cannot be completely deleted. However, the GDPR couldn’t care less – the organization is still obligated to comply with the privacy regulations and must delete the data.
If that’s not complicated enough, organizations could face a similar dead-end scenario in which RTBF interferes with retention requirements. Under retention laws, organizations are required to keep customer data for a certain retention period of about 7-10 years for legal and tax purposes. So on one hand, they are required to delete customer data, but on the other hand, they cannot delete it due to retention.
So what can be done?
The answer is logical deletion: masking personal customer data at the application level to prevent access to it, without actually deleting the customer records in the databases. In cases where data cannot be deleted (e.g. big data environments), logical deletion dramatically reduces the risk of access to personal customer data, which is the best the organization can do to protect its customers’ privacy and remain compliant.
During the retention period, logical deletion makes personal data inaccessible to everyone except authorized users (e.g., the DPO) or tax/legal processes. Then, once the retention period is over, the data can be physically and completely deleted.
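The following is an added illustration, not code from the original post: a minimal customer store where an RTBF request flags the record (logical deletion), ordinary reads get masked PII while authorized roles still see it, and a purge step physically deletes records whose retention period has ended. The field names, the 10-year retention period and the role names are assumptions for the example.

```python
# Added example (not from the original post): logical deletion for an RTBF request.
# On the request the record is flagged and its PII masked at the application
# layer; only authorized roles (e.g. the DPO, tax/legal processes) still see it;
# physical deletion happens only once the retention period has ended.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

PII_FIELDS = ("name", "email", "phone")      # fields masked by logical deletion
RETENTION = timedelta(days=365 * 10)        # 10-year retention (assumed value)
AUTHORIZED = {"dpo", "tax", "legal"}         # roles exempt from masking (assumed)

@dataclass
class Customer:
    id: int
    name: str
    email: str
    phone: str
    deleted_on: Optional[date] = None        # set by an RTBF request

class CustomerStore:
    def __init__(self) -> None:
        self._rows: Dict[int, Customer] = {}

    def add(self, c: Customer) -> None:
        self._rows[c.id] = c

    def forget(self, cid: int, today: date) -> None:
        """Logical deletion: flag the row; nothing is physically removed yet."""
        self._rows[cid].deleted_on = today

    def read(self, cid: int, role: str) -> Optional[dict]:
        """Application-level view: PII is masked unless the caller is authorized."""
        row = self._rows.get(cid)
        if row is None:
            return None
        view = {"id": row.id, **{f: getattr(row, f) for f in PII_FIELDS}}
        if row.deleted_on is not None and role not in AUTHORIZED:
            for f in PII_FIELDS:
                view[f] = "***"              # mask instead of delete
        return view

    def purge(self, today: date) -> List[int]:
        """Physical deletion of flagged rows whose retention period has ended."""
        expired = [cid for cid, r in self._rows.items()
                   if r.deleted_on is not None and today >= r.deleted_on + RETENTION]
        for cid in expired:
            del self._rows[cid]
        return expired
```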