As a software engineer I was a little shocked when I learned our company treats “Delete” buttons as a means to toggle Archived = 1 in the DB. Nothing is actually deleted. Sure we will anonymise the data after a certain time to be GDPR compliant but it would be trivial I guess to actually link that back to people.
The GDPR applies to data pertaining to an identifiable person. Anonymised data is more or less equivalent to deleted data as far as the regulation is concerned. Source: I was a DPO for 5 years.
Oh, I see. Indeed anonymised data should be fine under GDPR. However it is often very difficult to anonymise data. Some things are easy to anonymise, other are very complex.
For a small company who does not mainly work with data, the easiest solution to comply with GDPR is indeed just deleting the data altogether.
Yes, there a concept of “pseudonymous” data in some of the guidance, which refers to anonymous data which, when taken together, could identify the person - even if some of that data is not held by the data controller. Under those circumstances seemingly anonymous data can fall under the regulation although most companies are very unlikely to consider such nuance in their data policies.
The requirement exists unless the company is under legal obligation to retain something. I had one case where I requested a GDPR data dump followed by a full deletion, and apparently whoever executed the request deleted first and then processed the dump, so I was able to see that what they did was change my email address from [email protected] to username#[email protected] - meaning that login attempts, password resets etc. would clearly fail, and a further attempt to request my data revolving around my email address would be unsuccessful, but ultimately all my data was still accessible somewhere. Whether they’d then proceed to delete it after the retention period, who knows. I intended to follow up but forgot…
There’s no independent audit for GDPR compliance so the only way to know would be if someone whistleblows. There are also so many loopholes that allows to keep the data like “to prevent further abuse” or “some legal reason”.
So if reddit bans your account they can keep all data and you can’t do anything about it even with GDPR.
My current workplace doesn’t have for foresight to do that. Delete fully deletes immediately and without confirmation. Oh and the backups have been broken for years
On the upside, recent changes in leadership and on the team made it so we finally have the political will and talent in the right places to actually put effort into fixing backups but they have a lot of technical debt to sift through in fixing the last folks’ mistakes and oversights
Not quite, deletion from a hard drive also unflags the space the data was located at as being in use, so it will be overwritten eventually so long as the drive continues to have things written to it. Simply flagging something as being archived means that information will remain on the server indefinitely, the exact opposite of what is intended by a delete button.
As a software engineer I was a little shocked when I learned our company treats “Delete” buttons as a means to toggle Archived = 1 in the DB. Nothing is actually deleted. Sure we will anonymise the data after a certain time to be GDPR compliant but it would be trivial I guess to actually link that back to people.
I’m pretty sure GDPR requires websites to abide to user requests to delete their data. You may wish to review that with your company.
The GDPR applies to data pertaining to an identifiable person. Anonymised data is more or less equivalent to deleted data as far as the regulation is concerned. Source: I was a DPO for 5 years.
Oh, I see. Indeed anonymised data should be fine under GDPR. However it is often very difficult to anonymise data. Some things are easy to anonymise, other are very complex.
For a small company who does not mainly work with data, the easiest solution to comply with GDPR is indeed just deleting the data altogether.
Yes, there a concept of “pseudonymous” data in some of the guidance, which refers to anonymous data which, when taken together, could identify the person - even if some of that data is not held by the data controller. Under those circumstances seemingly anonymous data can fall under the regulation although most companies are very unlikely to consider such nuance in their data policies.
The requirement exists unless the company is under legal obligation to retain something. I had one case where I requested a GDPR data dump followed by a full deletion, and apparently whoever executed the request deleted first and then processed the dump, so I was able to see that what they did was change my email address from [email protected] to username#[email protected] - meaning that login attempts, password resets etc. would clearly fail, and a further attempt to request my data revolving around my email address would be unsuccessful, but ultimately all my data was still accessible somewhere. Whether they’d then proceed to delete it after the retention period, who knows. I intended to follow up but forgot…
The org i used to work for had to develop a special process to delete user data upon request, it was not an easy process in dynamics365
if you want something deleted you best destroy the hard disk yourself lol
There’s no independent audit for GDPR compliance so the only way to know would be if someone whistleblows. There are also so many loopholes that allows to keep the data like “to prevent further abuse” or “some legal reason”.
So if reddit bans your account they can keep all data and you can’t do anything about it even with GDPR.
Don’t GDPR deletion requests only require deleting personal data, and not public posts?
Are you advising breaking the law just because nobody checks?
I’m saying corporations break the law if nobody checks - why wouldn’t they?
That happens. Still, many companies do not. Some companies are unaware of the legislation.
I was informing one worker of a company of one such law.
Many companies do not break the law even though there are no controls just because that is the right thing to do.
My current workplace doesn’t have for foresight to do that. Delete fully deletes immediately and without confirmation. Oh and the backups have been broken for years
On the upside, recent changes in leadership and on the team made it so we finally have the political will and talent in the right places to actually put effort into fixing backups but they have a lot of technical debt to sift through in fixing the last folks’ mistakes and oversights
That’s basically how deleting data from a hard drive works too.
Not quite, deletion from a hard drive also unflags the space the data was located at as being in use, so it will be overwritten eventually so long as the drive continues to have things written to it. Simply flagging something as being archived means that information will remain on the server indefinitely, the exact opposite of what is intended by a delete button.
That’s why we use the shred command, then you get random data over it at the start.
Depending on your media that may not really destroy the data. SSDs do wear leveling and it might just write new blocks and reuse the old ones later.
So, what you’re saying is, to truly delete data from an ssd you need to do manual wear leveling with a belt sender.
Psh I’m surprised you’re surprised. The only way to really get rid of data is microwave or magnet, no?
I guess I’m naive and believe people would be honest.
I wish too. But apparently information I’d power 🤷♂️ who would’ve guessed
drill bit*
It’d work if it was encrypted and you threw away the encryption key on delete