GDPR and the right to be forgotten
When complying with the GDPR, the right to be "forgotten" is often a challenge for companies. Specifically, this involves the secure, traceable and documented deletion of personal data.
In this context, our EMA® solution offers a wide range of options for meeting these requirements, depending on the company's situation:
Delete function in EMA general
In the delivery state, EMA initially does not contain a delete function to ensure the completeness and tamper-proofness of the data. However, this can be unlocked individually upon request. By default, the delete function is only available for administrators. Additional safety requirements can be implemented using the dual control function. Depending on the requirements, the delete function can also be enabled for users. If necessary, combined with further restrictions such as a maximum number of days within which deletion can take place.
Complete and residual deletion
All ARTEC solutions have technology for multi-layer document deletion. With activation of the delete function, data can thus be deleted and immediately disappear from memory and cache. Furthermore, these can be overwritten several times with different bit patterns if desired. Elimination from the index takes place with a few minutes delay, standby devices follow within a few hours. Provided that there are no further backups of the file share on which the data is additionally stored, all data is thus actually deleted and can be overwritten several times if necessary. For this reason, we recommend using direct attached storage for both archive storage and backup storage.
Automatic deletion with retention times
By defining individual retention times, certain data can be automatically deleted upon request after the respective period has expired.
Attributes Legal Hold, Erase Lock, Minimum Retention Time
For data that must not be deleted under any circumstances, deletion can be prevented via the "Legal Hold", "Minretention" or EMA Case Management attributes. In this way, the retention guidelines, which, depending on the individual legal assessment, are higher-ranking than the right to "be forgotten," can also be implemented correctly from a technical perspective.
Hidden and private
Alternatively, sensitive data can be marked as "Hidden" or "Private". Thus, they are still in the search index, but cannot be found without the four-eyes function. It is also possible, for individual sensitive metadata, to allow users read and write access, but still prohibit specific searches. This even prevents sorting by the respective attribute.
With EMA, it is thus possible to individually design work processes in accordance with legal requirements. The use of the listed functions and the associated releases and settings are in each case at the discretion of the customer.
You would like to learn more about the application possibilities of EMA? Just write us a short message in our contact form.