GDPR Data Deletion
The cluster focuses on debates about GDPR requirements for deleting user data, including challenges with backups, immutable storage, right to be forgotten, and compliance strategies like tracking deletion requests for restores.
Activity Over Time
Top Contributors
Keywords
Sample Comments
What happens if you have to delete some data e.g. due to law?
Data that I wanted to delete isn't necessary for the functioning of the service, so doesn't that mean the GDPR requires it to be hard-deleted within a reasonable time?
How do you keep track of what info needs to be deleted on restore without violating GDPR?
Doesn't GDPR require them to really delete?
Under GDPR I'm fairly certain that they've implemented actual deletion. GDPR even requires companies to go so far as to scan old tapes to delete user records on request by a 30-day deadline, iirc.
Retaining data that you said you had deleted is a major liability, especially now with GDPR.
No, they actually have to keep the data safe for their users. Deleting the data is a GDPR violation.
Yes, you can't keep deleted data indefinitely.
You don't keep the backup forever. GDPR forces you to reasonable measures for deletion.You could also keep a record of "to-delete" primary keys in event of a restore along with your backups.All of this should have been implemented a long time ago, some European countries demanded this already.I am surprised by the lack of imagination of people if they don't want to implement something (too burdensome, technically impossible,...) who can come up with decent sol
I think that they have to delete the data per your request to be GDPR compliant since no law requires keeping such date.