Deletion concept, but correctly
(UK GDPR compliant)
A GDPR-compliant deletion concept is not exclusively about Art. 17 GDPR, in which natural persons have the right to have their personal data deleted under certain conditions. Rather, it is about consistent data erasure under all existing legal bases. It is also about the monitoring and documentation of the deletion of personal data, as well as the monitoring and documentation of the deletion periods.
The BDSG-neu and also the DSGVO stipulate the deletion of personal data when it is either no longer needed, has fulfilled its purpose or the data subject requests the deletion of this personal data. In order to fulfil everything correctly, a comprehensive deletion concept must be created. In such a deletion concept, it is precisely regulated who has to delete which data (customer data, employee data, etc.) and when. Every company must designate responsible persons for this purpose. The data protection officer has an advisory and not an executive function here. He or she should help those responsible and monitor that they fulfil their control function correctly. Furthermore, the deletion concept should state where the data is stored (in which applications, backups, tables, etc.) and how the data is to be deleted.
However, what sounds quite simple in theory is very difficult to implement in practice. Companies process many data sets in different systems and/or platforms. Likewise, backups and back-ups are made regularly. Furthermore, it becomes difficult when individual data sets are needed in different applications. These are just a few examples of what needs to be taken into account when deleting a data set.
Now, however, there is not only the obligation for a company to delete a data set, but also the obligation to back up personal data according to Art. 32(1)(b) GDPR. Selective data deletion is difficult (if not impossible) in such cases. The only thing that helps here is to create and establish a sensibly thought-out deletion concept. The more detailed the document is, the more functions it can fulfil (proof for authorities, information for the data subject, designation of the person responsible, listing of the storage location(s), etc.).
A well-founded deletion concept cannot solve the technical and organisational difficulties of deleting individual data records. However, it helps everyone involved to get an overview and thus to be able to better optimise and adapt the processes.
Failure to have such a complete deletion concept can result in heavy fines.