Deletion Concept
What is a deletion concept? Learn why businesses need a structured data deletion framework and what GDPR requirements apply.
Definition
A deletion concept is a structured, documented approach for the systematic deletion of personal data that is no longer needed for its original processing purpose. It is based on the principle of storage limitation under Art. 5(1)(e) of the General Data Protection Regulation (GDPR), which stipulates that personal data may only be stored for as long as is necessary for the processing purpose.
A deletion concept typically defines: categories of stored data, the respective retention periods taking into account statutory retention obligations (e.g., 6 or 10 years under commercial and tax law), the deletion deadlines after the processing purpose ceases, the persons responsible for deletion, the technical deletion procedures, and the documentation of completed deletions. The DIN 66398 standard provides a recognized guideline for creating deletion concepts.
Simply Explained
Imagine your office: files are piling up on your desk, folders from years past fill the cabinets. Without a system, everything spirals out of control. A deletion concept is like a cleanup schedule: it defines which files need to be kept for how long and when they should be shredded.
In the digital world, it works exactly the same way. A deletion concept defines when which files, emails, customer data, or backups need to be deleted. It ensures that data isn't stored indefinitely simply because nobody thinks about cleaning up, because the GDPR requires that personal data be deleted when it is no longer needed.
Why Does It Matter?
A deletion concept is not an optional luxury but a core GDPR requirement with far-reaching practical consequences:
- Legal Obligation: The GDPR obligates companies to limit storage and delete data that is no longer needed. Without a deletion concept, the systematic implementation of this obligation is virtually impossible.
- Data Subject Rights: Data subjects have a right to erasure under Art. 17 GDPR (right to be forgotten). Without a deletion concept, this right cannot be efficiently implemented.
- Risk Minimization: The more data a company stores, the greater the risk in case of a data breach. Consistent deletion reduces the attack surface.
- Compliance Evidence: During inspections by supervisory authorities, the deletion concept is an important compliance document. Its absence is regularly criticized.
- Cost Savings: The permanent storage of unused data causes unnecessary costs for storage space, backups, and administration.
Practical Example
A recruitment agency collects application documents from candidates through an upload platform: resumes, certificates, reference letters. After a position is filled, the documents of non-selected applicants are not deleted because no one is responsible and no deletion process has been defined.
Two years later, the data protection supervisory authority conducts an audit and discovers thousands of application documents still stored despite the processing purpose (filling the position) having long since ceased. The authority criticizes the lack of a deletion concept and sets a deadline for implementation.
The recruitment agency then creates a deletion concept:
- Application documents are automatically deleted six months after completion of the selection process
- Candidates who wish to join the talent pool grant separate consent
- All deletion operations are documented in the audit trail
- Quarterly review of compliance
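The agency's rules above can be expressed as a scheduled sweep. This is an added example, not SendMeSafe's code or part of the original page; the record layout, the `delete_fn` callback, and the choice to exempt talent-pool records from the six-month deadline are assumptions made for illustration.

```python
import calendar
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

RETENTION_MONTHS = 6  # deadline from the agency's deletion concept

@dataclass
class Application:                      # hypothetical record layout
    candidate_id: str
    process_completed: Optional[date]   # None = selection still running
    talent_pool_consent: bool = False   # assumption: consent exempts the record

def add_months(d: date, months: int) -> date:
    """Add calendar months, clamping to the last day of shorter months."""
    idx = d.month - 1 + months
    year, month = d.year + idx // 12, idx % 12 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def deletion_due(app: Application) -> Optional[date]:
    """Date from which the record must be deleted, or None if no deadline runs."""
    if app.process_completed is None or app.talent_pool_consent:
        return None
    return add_months(app.process_completed, RETENTION_MONTHS)

def sweep(apps, today: date, delete_fn: Callable[[str], None]) -> list:
    """Delete overdue records and return one audit entry per attempt."""
    audit = []
    for app in apps:
        due = deletion_due(app)
        if due is None or today < due:
            continue
        try:
            delete_fn(app.candidate_id)  # must remove DB rows and stored files
            outcome = "deleted"
        except Exception as exc:         # failures are logged, not hidden
            outcome = f"failed: {type(exc).__name__}"
        audit.append({"candidate_id": app.candidate_id, "due": due.isoformat(),
                      "run_on": today.isoformat(), "outcome": outcome})
    return audit

# Constructed sample records, not real data.
SAMPLE = [
    Application("c-001", date(2023, 8, 31)),   # due 2024-02-29 (clamped)
    Application("c-002", date(2023, 11, 15)),  # due 2024-05-15
    Application("c-003", date(2023, 1, 10), talent_pool_consent=True),
    Application("c-004", None),
]

if __name__ == "__main__":
    for entry in sweep(SAMPLE, date(2024, 3, 1), lambda cid: None):
        print(entry)
```

Failed attempts stay in the audit output so the quarterly review can see records that are past their deadline but still stored.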
How SendMeSafe Implements This
SendMeSafe provides businesses with the technical tools to efficiently implement their deletion concept:
- Automatic Expiration Dates: Upload links can be set with expiration dates. After expiry, the link is no longer usable and uploaded files can be automatically cleaned up.
- Share Link Expiration: Share links can be configured with expiration dates and download limits, ensuring that access to shared files is time-limited.
- Manual Deletion: Organizations can manually delete files, clients, and all their associated data at any time. Deletion covers both database entries and files stored in S3.
- Client Status Tracking: The status of each client (Open, Partial, Complete) helps identify completed cases whose data may be eligible for deletion.
- Audit Trail: All deletion operations are logged, ensuring that the implementation of the deletion concept is documented and verifiable.
- Organization Control: Administrators have full control over all stored data and can enforce the deletion concept organization-wide.
Frequently Asked Questions
What retention periods must I observe?
The most important statutory retention periods in the EU include 10 years for accounting records, annual financial statements, and tax documents, and 6 years for business correspondence. For application documents, a recommended period of 6 months after completion of the process applies. Employment-related documents should be retained for 3 years after termination (statute of limitations). The deletion concept must account for these periods.
What does deletion mean technically?
Technically, deletion means that data is irrecoverably removed. Simply moving files to a recycle bin is not sufficient. For files on hard drives, this means overwriting the storage areas. For data in databases, it means permanently removing the records, not just setting a deletion flag. For cloud storage, it must be ensured that backups and replicas are also deleted. At SendMeSafe, deleted files are removed from both the database and S3 storage.
Must I document my deletion concept?
Yes, documentation is an essential component of the deletion concept. It must show which data categories are stored and deleted with which deadlines, who is responsible for deletion, and how deletion is technically implemented. The documentation serves as evidence for supervisory authorities and should be updated regularly.
What happens with a deletion request from a data subject?
When a data subject requests deletion of their data under Art. 17 GDPR, the company must respond without undue delay, typically within one month. The deletion concept should include a process for such requests that covers the review, execution, and documentation of the deletion. Statutory retention obligations may, in individual cases, override the deletion request.