Deletion concept
The erasure concept in accordance with the General Data Protection Regulation (GDPR) is an important part of the data protection measures of companies that process personal data. It describes how personal data that is no longer needed can be securely and permanently erased.
The erasure concept must ensure that personal data is deleted in an appropriate and timely manner as soon as it is no longer required for the purpose for which it was collected or otherwise processed. A data erasure policy should therefore include procedures to ensure that personal data is erased after the legal retention periods have expired or after the purpose for which it was collected has been achieved. It should also include a review of personal data to ensure that outdated or inaccurate data is no longer retained.
An erasure concept should fulfil the following requirements:
- Purpose limitation: Personal data may only be collected and processed for a specific purpose. As soon as this purpose has been fulfilled, the data must be deleted.
- Storage limitation: Personal data may only be stored for a limited period of time. The GDPR requires that personal data be stored only for as long as is necessary for the purposes for which it is processed.
- Lawfulness: The processing of personal data must be based on a legal basis, e.g. the consent of the data subject or a legal obligation. If this basis is no longer applicable, the data must be deleted.
- Transparency: It must be clear which personal data is collected and how long it is stored. This also includes informing the data subjects about the storage period.
- Data security: Personal data must be stored securely and protected to prevent unauthorised access or data loss.
It should also take the following aspects into account:
- Determining the storage periods: The company must determine how long personal data may be stored. This depends on various factors, such as the purpose of the processing, the applicable legal provisions and the legitimate interests of the data subjects.
- Review of storage periods: The company must regularly review whether the storage periods for personal data are still appropriate. If not, the storage periods must be adjusted accordingly.
- Procedure for deletion: The company must develop a procedure for the deletion of personal data that ensures that the data is permanently and irretrievably deleted.
- Technical and organisational measures: The company must take technical and organisational measures to ensure that the deletion of personal data is carried out properly. This may include, for example, the implementation of access controls and encryption technologies.