Data Removal

Introducing the only GDPR compliant Data Removal solution


Each personal data collected by the company goes through a personal data lifecycle. Data is collected through different channels, processed for everyday business operation. After the lawful basis for processing expires, personal data has to be archived for legal and documentation purposes and eventually removed.

The data removal process imposed a new set of challenges, amplified with the lack of understanding about where the data is stored, and no real insight into the technical and business implication of data removal.

At the same time, companies are expected to demonstrate compliance with fair information practice principlestorage limitation principle and the right to be forgotten and the laws that regulate documentation retention periods, like archiving law.

It gets more complicated when the data subject uses more than one active service of the company for which, very often, the same data sets are required on the same systems. For this reason, data removal system needs to be intelligent enough not to erase the personal data that are still in use.

Last challenge refers to the technical orchestration of data removal. Since it is almost impossible to delete data in big enterprise systems, the GDPR recommends data anonymization and pseudonymization as opposed to deleting data. In the event of data deletion by mistake there is a technical possibility of recovering data.


When a company is processing a large amount of data across multiple systems, automation is the only way to avoid the possibility of human error and reduce the risk of non-compliance. Automation minimizes the amount of manual work needed for data deletion or recording every action taken over data.

Data Privacy Manager automatically gives instructions to a different system when data deletion needs to be executed and enables you to define data retention and data removal operationalization on different data categories.

Data Privacy Manager’s automated services answer two key questions:

WHICH data subject’s data needs to be removed?” and “WHEN this data needs be removed”?

Data retention schedule and Data destruction schedule are 2 real-time services available for end-to-end automation of personal data removal.

This represents a GDPR compliant personal data removal engine.



Privacy professionals do not have to spend their time giving instructions to the IT team on which data should be removed and when.


Precise real-time service keeping records and counting data retention period for personal data down to a single data subject level.


Automatically give instructions to different systems on which data should be removed and when.

Personal Data Lifecycle

Interaction with Data Subjects
  • Contract
  • Consent
Lawfull Processing
Everyday Business
  • Data monetization
  • Services delivery
  • Marketing
Lawful Basis Expiration
  • Contract Expiration
  • RTBF
  • Opt-out
Data Destruction
  • Anonymization
  • Deletion

Business Process
(Original Purposes)

Data Retention
(Purpose change)

No Purpose

Learn how this solution helps your industry

General Data Protection Regulation (GDPR) requires that Organizations processing personal data (Data Controllers and Data Processors) maintain a register of processing activities. According to Article 6 there can be 6 possible lawful basis for personal data processing, and for Organizations to be able to declare a lawful basis for a specific processing activity an assessment needs to be done…

Would you like to continue reading? 

Get the E-book
“We have approached the process of GDPR compliance very seriously and methodically, and we wanted to have a software that will allow us to manage GDPR processes from one central point, which we managed to accomplish with Data Privacy Manager.”

Nikola Murk, Head of IT operations & infrastructure

Data Privacy Manager is available in flexible pricing options for your growing business needs