What is Soft Deletion?
SecuPi application overlay enables to define policies to hide personal data of customers that have indicated their wish to be deleted, without actually deleting their records in the database. This is referred as “Soft Deletion” and is achieved using SecuPi overlay intercepting personal data flows and processes across business applications, DBA and development tools. SecuPi policies apply customer data redaction/hiding within processing of data flows, pseudonymization, dynamic masking or blocking of requests – thus suppressing customer data access of those who asked to be forgotten.
Why is Soft Deletion used for Right to be Forgotten?
SecuPi is applying the erasure using soft deletion process: defining policies in SecuPi to redact the individual from all processing and data-flows where SecuPi has been configured. This is especially relevant during the retention period in which data must be kept for legal and tax purposes, usually for a 7-10 years. In this case, physical deletion of the individual records will not be performed and access to the individual records might be granted on a ‘need-to-know’ basis (e.g., only for approved situation by the regulator/DPO). After the retention period, SecuPi can apply physical deletion or anonymization of the individual records, while sustaining referential integrity of the data.
Big Data Information Deletion
Soft deletion for article 17 is also applied in cases where data cannot be deleted for technical reasons such in big data environments where deletion is technically impossible, or in archival systems where deletion is implausible due to extremely high costs and complexity.
SecuPi softly deletes personal customer data from custom applications in cases where data cannot be deleted for any reason; all with no code changes and within hours.