Automated Encrypt & Destroy

Under the GDPR Individual’s Right to Erasure, organisations have a responsibility to erase personal data when it is no longer necessary in relation to the purpose for which it was originally collected/processed

The NAVGDPR toolset provides a periodic process to automatically ‘erase’ data subjects’ personal data as catalogued in the application based on retention period rules defined by data category

As with the manual Right to Erasure request, to retain data referential integrity, records are not deleted, but the sensitive data items are replaced by asterisks

There may be other local legislation that overrides the GDPR in certain conditions (eg. An HMRC requirement to retain sales invoice details for 7 years) In this case, sensitive data items would then be encrypted instead

These rules are all configurable by data category within the setup of NAVGDPR