Suggestions and tools for a deletion concept

Peter Schaar

Deletion of personal data at companies under criticism

by T. Mielke

The Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, presented his 24th activity report, covering the years 2011 and 2012, on April 24, 2013. Among other things, it criticizes the lack of specifications and regulations on the deletion of personal data at companies and presents a guideline for a deletion concept.

In the activity report, the Federal Commissioner for Data Protection presents, among other things, a guideline on data deletion. This guideline makes it clear that many companies are struggling with the deletion of digital data. Many companies also see no point in deleting data that is no longer required.

The principles of necessity, data avoidance and data minimization oblige us to delete data that is no longer required. Article 6 of the EU Data Protection Directive contains a deletion and anonymization requirement. In the German Federal Data Protection Act (BDSG), Section 35 (2) BDSG requires the deletion of personal data that are no longer required for the legally permissible purposes.

In order to ensure a legally compliant, orderly deletion of personal data, the authors of the guideline propose developing a set of rules for deletion, a so-called deletion concept. Among other things, the guideline recommends the use of standardized deletion periods and so-called deletion classes. These deletion classes are intended to reduce the complexity of the different deletion requirements. The deletion classes are used to assign personal data sets to deletion rules.

The creation of a complex deletion concept in companies would have the following advantages:

  • Processes for deletion are clearly defined; this relates in particular to the deletion period
  • IT costs are reduced by streamlining data inventories and eliminating potential redundancies
  • The responsible body fulfills its legal obligations and documents its data protection compliance
  • The protection of the data subject is strengthened

The guideline provides data protection officers and IT security officers with a good basis for creating a deletion concept, but it does not relieve companies of the task of developing their own concept that takes into account the data used in the company, the structure of the company and the individual risks in the company.

 


 

Image: Wikipedia / Tobias Klenze / CC-BY-SA 4.0 (creativecommons.org/licenses/by/3.0) at de.wikipedia.org/wiki/Peter_Schaar#/media/File:2013-12-30_30C3_-_Peter_Schaar_3533.JPG
