<p>This article describes how the “right to be forgotten” pursuant to Article&#xa0;17 of the EU GDPR can be supported at a&#xa0;procedural level in environments with relational database systems. It is shown that GDPR-compliant deletion involves organizational and technical challenges. First, these organizational and technical challenges are presented. Subsequently, using the Design Science Research methodology, two artifacts—a&#xa0;process model and a&#xa0;criteria catalogue—are developed. The process model is divided into four phases: triggers, assessment, deletion, and logging. Several types of triggers are considered. The deletion request is legally assessed, deletion operations are initiated in a&#xa0;system-wide and irreversible manner, and the documentation of the deletion is considered. The criteria catalogue includes fifteen checkpoints, which include, among other aspects, the legal basis, organizational responsibilities, deletion rules and documentation requirements, and can be applied along the process phases. The developed artifacts serve as practice-oriented support for the structured and traceable implementation of deletion requests in accordance with the GDPR.</p><p>The article discusses strengths, limitations and open questions of the approach, particularly with regard to the missing technical implementation and potential performance issues. Furthermore, the need for further research on GDPR-compliant and audit-proof deletion mechanisms in relational database systems are identified.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Ein Kriterienkatalog zur EU-DSGVO-konformen Löschung in relationalen Datenbanksystemen

  • Anja Grunert

摘要

This article describes how the “right to be forgotten” pursuant to Article 17 of the EU GDPR can be supported at a procedural level in environments with relational database systems. It is shown that GDPR-compliant deletion involves organizational and technical challenges. First, these organizational and technical challenges are presented. Subsequently, using the Design Science Research methodology, two artifacts—a process model and a criteria catalogue—are developed. The process model is divided into four phases: triggers, assessment, deletion, and logging. Several types of triggers are considered. The deletion request is legally assessed, deletion operations are initiated in a system-wide and irreversible manner, and the documentation of the deletion is considered. The criteria catalogue includes fifteen checkpoints, which include, among other aspects, the legal basis, organizational responsibilities, deletion rules and documentation requirements, and can be applied along the process phases. The developed artifacts serve as practice-oriented support for the structured and traceable implementation of deletion requests in accordance with the GDPR.

The article discusses strengths, limitations and open questions of the approach, particularly with regard to the missing technical implementation and potential performance issues. Furthermore, the need for further research on GDPR-compliant and audit-proof deletion mechanisms in relational database systems are identified.