Safe Deletion for CPRA/GDPR – Deleting Data Safely Without Compromising Database Integrity
Safe data deletion is a basic customer right that has become a requirement under privacy regulations such as the GDPR “Right to be Forgotten” (Article 17), the CCPA “Right to Deletion” and similar regulations worldwide.
These privacy regulations give customers the legal right to ask any organization to delete their personal data. While this is a basic right for the customer, it has become an implementation nightmare for many organizations, mainly because safely deleting data across hundreds of databases without causing database corruption and application instability is not as simple as it may seem.
Today, much customer data is stored in complex SQL and NoSQL data stores across cloud and hybrid environments, and handling it raises numerous challenges. In this blog post, we will address the main risk of data deletion: data corruption.
When hard data deletion is possible (i.e. completely deleting data at the source), it is, of course, the best option. In reality, that is often not the case. Data warehouses, operational databases, data lakes and other data stores often contain thousands of tables. These tables are intertwined through logical and physical relationships (joins, unique indexes, primary keys), so “simply” deleting a customer record that is spread across multiple tables containing personal data can break those relationships or referential integrity and cause data corruption, negatively impacting critical business applications.
The hard truth is that in many cases, such as in certain big data platforms, performing Hard Deletion without causing data corruption is impossible. Such cases need special consideration and a suitable solution that would still enable organizations to comply with deletion requirements.
With both business agility and customer privacy in mind, we have made it our mission to enable organizations to apply safe deletion while avoiding massive data corruption challenges and without compromising database integrity.
The SecuPi Safe Deletion platform provides hard and soft deletion options that meet your IT restrictions for cases where hard deletion cannot be performed. This gives companies effective tools to hide customer data without actually deleting it from the underlying databases and big data repositories, while the requested data remains inaccessible (“put beyond use”).
The SecuPi Safe Deletion platform allows organizations to address data deletion requirements successfully and safely through “Soft Deletion”, “Hard Anonymization” and “Hard Deletion”, quickly and without causing data corruption.
Soft Deletion means deploying SecuPi application-overlay filters or SecuPi transparent gateways that hide the personal data of customers who asked to be forgotten from all data flows and processes, without actually deleting it from the underlying databases and big data repositories.
SecuPi Hard Anonymization means changing (anonymizing) selected personal data elements without touching referential fields (to prevent integrity problems). Soft Deletion is typically used when Hard Deletion/Anonymization cannot be applied (such as in big data platforms or archives), and Hard Anonymization is used when there are no APIs that can be used for Hard Deletion.
Organizations today need a platform that provides them with all the deletion options, so that the appropriate deletion method is used for the right situation: Hard Deletion when possible, and Soft Deletion as the safest and most effective alternative when data needs to be deleted.
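The integrity problem and the anonymize-in-place alternative described above can be reproduced on a small SQLite database. This is an added example, not SecuPi code: the `customers`/`orders` schema, the sample rows and the function names are assumptions made for illustration.

```python
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,
                        full_name TEXT NOT NULL, erased_at TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY, total_cents INTEGER NOT NULL,
                     customer_id INTEGER NOT NULL REFERENCES customers(id));
-- constructed sample rows
INSERT INTO customers (id, email, full_name) VALUES
  (1, 'alice@example.com', 'Alice Example'), (2, 'bob@example.com', 'Bob Example');
INSERT INTO orders (id, total_cents, customer_id) VALUES
  (10, 2500, 1), (11, 4000, 1), (12, 900, 2);
"""

def build_db(enforce_fk=True):
    db = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys when this pragma is on
    db.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    db.executescript(SCHEMA)
    return db

def hard_delete(db, customer_id):
    """Delete only the parent row; False means the FK constraint refused it."""
    try:
        with db:  # rolls back if the statement raises
            db.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        return True
    except sqlite3.IntegrityError:
        return False

def anonymize(db, customer_id):
    """Overwrite personal columns in place; primary and foreign keys stay untouched."""
    # a random placeholder keeps the UNIQUE index on email satisfied
    placeholder = f"erased-{secrets.token_hex(8)}@erased.invalid"
    with db:
        cur = db.execute(
            "UPDATE customers SET email = ?, full_name = 'ERASED', "
            "erased_at = datetime('now') WHERE id = ? AND erased_at IS NULL",
            (placeholder, customer_id))
    return cur.rowcount == 1  # False if the row is missing or already erased

def orphaned_orders(db):
    """Count orders whose customer row no longer exists."""
    return db.execute(
        "SELECT COUNT(*) FROM orders o LEFT JOIN customers c "
        "ON c.id = o.customer_id WHERE c.id IS NULL").fetchone()[0]

if __name__ == "__main__":
    db = build_db()
    print(hard_delete(db, 1), anonymize(db, 1), orphaned_orders(db))
```

With foreign keys enforced, the naive delete is refused; with enforcement off, it succeeds and leaves orphaned order rows, which is the silent corruption case.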