Making Personal Data Deletion and Redaction Simple
Under GDPR, deleting or redacting personal information means that the information is completely removed or permanently obscured so it can no longer be found or used. If information can still be accessed by an administrator after deletion, or if redacted text can be recovered, the data has not been properly protected. True GDPR compliance requires that personal data is either completely removed from systems or securely redacted using proper techniques.
What Information Should Be Deleted or Redacted?

Personal data subject to GDPR includes names, addresses, email addresses, phone numbers, identification numbers, and any information that can identify an individual. This data often appears in PDFs, contracts, invoices, and other business documents.
When Should Information Be Deleted According to GDPR?
According to the EU data protection law (GDPR), personal data may only be stored for as long as it is necessary to fulfill the purpose for which it was collected. After that, it must be deleted or anonymized through proper redaction techniques.
It is the data controller (the company) that must decide when information should be deleted, based on the purpose of the data collection. For example:
- A law firm that keeps closed cases for more than 10 years may need to redact client names from archived documents
- An architecture or engineering firm keeps completed projects for 5 years after delivery; redacting personal details from contracts and project correspondence is often required
- A webshop keeps invoices for 5 years due to bookkeeping laws but may need to redact customer personal information
Systems should be set up so that deletion or redaction happens automatically when deadlines are reached.
GDPR Redaction vs. Complete Deletion
When to Delete Completely
Complete deletion is appropriate when:
- Data is no longer needed for any legal or business purpose
- The retention period has expired
- A data subject exercises their right to erasure
When to Use Redaction
Redaction is the better choice when:
- Documents must be retained for legal compliance (e.g., contracts, invoices)
- Historical records have ongoing business value
- Complete deletion would violate other legal obligations
How to Redact PDF Documents for GDPR Compliance
Many organizations store personal data in PDF documents that cannot simply be deleted due to legal or business requirements. In these cases, secure PDF redaction becomes essential.
Proper PDF Redaction Techniques
Many people think they can simply black out text in PDF files to protect sensitive information, but this approach is not secure. Text that appears blacked out may still be recoverable, which violates GDPR requirements. Proper PDF redaction requires permanently removing the underlying text data, not just covering it visually.
When you need to remove text from PDF permanently, follow these guidelines:
- Use proper redaction tools: Don’t rely on simple highlighting or covering text
- Verify redaction completeness: Check that underlying text data is actually removed
- Test recovery attempts: Ensure redacted information cannot be recovered through copy-paste or text selection
- Maintain document integrity: Ensure redacted documents remain readable and usable
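The "verify redaction completeness" and "test recovery attempts" checks above can be scripted. The following is an added example, not code from the original article or from the tools it names: it reads the string operands out of PDF content streams and reports which sensitive terms are still stored, even when a black box is drawn over them. The sample streams and the names `recoverable_text` and `leaked_terms` are constructed for illustration, and the code assumes direct `/Length` values, Flate or uncompressed streams, and Latin-encoded fonts.

```python
import re
import zlib

STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n", re.S)
LITERAL_RE = re.compile(rb"\(((?:\\.|[^\\()])*)\)")  # (text) operands of Tj / TJ
HEX_RE = re.compile(rb"<([0-9A-Fa-f\s]+)>")          # <4A6F...> operands

def make_stream_object(ops: bytes) -> bytes:
    """Constructed sample: one Flate-compressed page content stream object."""
    data = zlib.compress(ops)
    head = b"4 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(data)
    return head + data + b"\nendstream\nendobj\n"

def _unhex(h: bytes) -> str:
    h = re.sub(rb"\s", b"", h)
    return bytes.fromhex((h + b"0" * (len(h) % 2)).decode()).decode("latin-1")

def recoverable_text(pdf: bytes) -> str:
    """Concatenate every string operand still stored in the content streams."""
    parts = []
    for m in STREAM_RE.finditer(pdf):
        length = re.search(rb"/Length\s+(\d+)", m.group(1))  # assumes a direct /Length
        if not length:
            continue
        body = pdf[m.end():m.end() + int(length.group(1))]
        if b"/FlateDecode" in m.group(1):
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue  # undecodable stream is skipped; review such files manually
        parts += [s.decode("latin-1") for s in LITERAL_RE.findall(body)]
        parts += [_unhex(h) for h in HEX_RE.findall(body)]
    return "".join(parts)

def leaked_terms(pdf: bytes, terms: list[str]) -> list[str]:
    """Terms still present in the text layer, ignoring spacing and case."""
    norm = lambda s: re.sub(r"\s+", "", s).lower()
    haystack = norm(recoverable_text(pdf))
    return [t for t in terms if norm(t) in haystack]

# Constructed samples: a black box painted over the name vs. the name operand removed.
BOX = b"0 0 0 rg 110 695 70 16 re f\n"
COVERED = make_stream_object(b"BT /F1 12 Tf 72 700 Td (Client: ) Tj [(Jo) -20 (hn Doe)] TJ ET\n" + BOX)
REDACTED = make_stream_object(b"BT /F1 12 Tf 72 700 Td (Client: ) Tj ET\n" + BOX)

if __name__ == "__main__":
    for label, pdf in (("covered", COVERED), ("redacted", REDACTED)):
        print(label, "->", leaked_terms(pdf, ["John Doe"]))
```

Whitespace is stripped before matching because PDF writers often split a word across several operands for kerning, as the covered sample does. A clean result here covers only the page text layer; metadata, annotations, attachments and embedded images need their own checks.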
Creating GDPR-Compliant Procedures
To ensure GDPR compliance, establish procedures that describe:
- When data should be deleted or redacted
- Who is responsible for the process
- How deletion or redaction is carried out
- How to verify completion
- Whether the process happens automatically or manually
For example: If a customer requests data deletion, your procedure might involve both deleting database records and redacting their information from archived PDF contracts.
The Right to Be Forgotten
Everyone has the right to have their information deleted if it is no longer necessary. Under GDPR, this often means:
- Deleting personal data from active systems
- Redacting names and identifiers from archived documents
- Ensuring backup systems also comply with deletion requests
Handling Backups and Archives
Backups and archived documents present unique challenges for GDPR compliance:
- Digital backups: May contain deleted information that should be purged
- Physical documents: May require physical destruction or secure storage
- Document archives: If deletion is not an option due to the value in the documents, permanent redaction can be a viable alternative
- Compliance verification: Regular audits to ensure redaction and deletion effectiveness
Practical Tools for GDPR Compliance
For organizations needing to redact sensitive information from large numbers of documents while maintaining GDPR compliance, specialized tools can help:
- redactpdf.io: Professional PDF redaction service designed for GDPR compliance
- Redact Folders: Enterprise solution, offering client-side integrations and batch processing for multiple documents
These tools ensure that personal data is permanently removed from documents, meeting GDPR requirements for data protection.
GDPR Compliance Best Practices
- Set clear deletion deadlines for all personal data you process
- Document your deletion and redaction procedures
- Ensure deleted data cannot be recovered by unauthorized persons
- Comply with legal retention requirements while protecting personal data
- Run regular compliance audits to ensure procedures are followed
- Train staff on proper GDPR-compliant deletion and redaction techniques
- Consider redaction as an alternative when complete deletion isn’t possible
Conclusion
GDPR compliance requires proper tools and procedures for both deleting personal data from systems and securely redacting information from documents that must be retained. The key is ensuring that sensitive personal information is permanently and irrecoverably removed when no longer needed, whether through complete deletion or secure redaction techniques.
