Data deletion – Privacy Design® / [protecting people by good design, solid security, efficient processes and trusted services] Tue, 08 Sep 2020 06:58:21 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 /wp-content/uploads/2018/02/cropped-favicon-32x32.jpg Data deletion – Privacy Design® / 32 32 CNIL guidance on data deletion and retention /2020/09/08/cnil-guidance-on-data-deletion-and-retention/ Tue, 08 Sep 2020 04:51:06 +0000 /?p=2309 Continue reading "CNIL guidance on data deletion and retention"

]]> In July 2020, the CNIL (DPA for France) published guidelines on data retention (Guide pratique – Les durées de conservation). https://www.cnil.fr/sites/default/files/atoms/files/guide_durees_de_conservation.pdf

These reflect early CNIL recommendations from 11-Oct-2005 on the archiving of personal data.
They aim to provide practical help to define the data retention rules and periods.
Similar to DIN-66398 (German industry standard on data retention/deletion) they don’t include guidance on specific data categories. https://din-66398.de/

However, CNIL does define data retention periods in separate dcouments (“Référentiel”). Up to now, two such Référentiels have been published for the health sector:

]]> Germany: SDM 2 – first three modules published /2020/07/01/germany-sdm-2-first-three-modules-published/ Wed, 01 Jul 2020 20:21:38 +0000 /?p=2175 The German Data Protection Authorities are developing a Standard Data Protection Model (SDM), as a guideline for data controllers.
They just published the three first modules – on “Documentation”, “Logging” and “Data deletion”.
So “Data deletion” is obviously a priority to them.

https://www.datenschutz-mv.de/datenschutz/datenschutzmodell/

]]> Data deletion concepts (Datenlöschkonzepte) – in German /2020/05/06/data-deletion-concepts-datenloschkonzepte-in-german/ Wed, 06 May 2020 07:49:50 +0000 /?p=1767 Corresponding SDM-Baustein (in German):
https://www.datenschutz-mv.de/static/DS/Dateien/Datenschutzmodell/Bausteine/SDM-V1.1_60_L%C3%B6schen_V1.0_uagsdmbs_final.pdf

Context on DIN 66398
https://www.datenschutzbeauftragter-info.de/din-norm-66398-die-entwicklung-eines-loeschkonzepts/

Web site on the related German DIN 66398 standard
https://www.din-66398.de/inhalt/index.html

Link to the free preview version
https://www.secorvo.de/publikationen/din-leitlinie-loeschkonzept-hammer-schuler-2012.pdf

Article by the editor
https://www.secorvo.de/publikationen/din-66398-hammer-2016.pdf

Presentation
https://www.dfn-cert.de/dokumente/ds_workshops/Datenschutzkonferenz2017/Folien_Hammer.pdf

Example Vorlage Löschkonzept (googled..)
https://www.sage.com/de-de/-/media/files/sagedotcom/germany/documents/pdf/support-und-service/dsgvo/vorlagen/loeschkonzept_dsgvo.pdf?la=de-de&hash=7F44CEC682912EEBD950F276BA510CFD

]]> Danish DPA fines IDesign S/A (a furniture company) ~200,000 EUR for data retention issues. /2019/06/13/danish-dpa-fines-idesign-s-a-a-furniture-company-200000-eur-for-data-retention-issues/ Thu, 13 Jun 2019 21:13:59 +0000 /?p=879 https://www.datatilsynet.dk/tilsyn-og-afgoerelser/afgoerelser/2019/jun/tilsyn-med-iddesigns-behandling-af-personoplysninger/

Data deletion, data retention concepts]]>