Deletion of Data

The correct handling of data also includes the correct deletion. The right to delete data is also enshrined in the General Data Protection Regulation, in Art. 17 of the GDPR.

There is no such right for anonymous data. However, even for anonymous data, deletion is of utmost importance to prevent it from falling into the wrong hands. This is important for both analogue and digital data carriers.

Analogue data carriers are for example hard discs, SSDs, CDs or USB sticks.

The simple deletion of data on the data medium by system applications is not sufficient to rid it of data. Recovery is still possible. This is because only the references to the files are deleted from the administrative information of the file system. If the data carriers are passed on to third parties, there is a danger that supposedly deleted data can be reconstructed and read out again. On the one hand, no one wants their private or business data to be accessed by unauthorised persons, and on the other hand, the confidentiality of the associated contents is violated.

Data should also be completely deleted from defective data carriers, since even with these, data recovery through software applications cannot be ruled out.

The Information Security Officer (ISO) is responsible for the correct deletion of data. He takes care that the requirements of the private security concept are met. An in-house policy for the deletion and destruction of data should be established.