An organization in the EU gets a request from an individual who wants personal information removed from existing systems. Which approach best meets that request and ensures required documentation remains available?
Erase personal records from production environments and keep streamlined logs of the removal that exclude private details
Encrypt the personal data in every active environment and retain full daily backups for future reviews
Preserve personal data in a separate archive with restricted access for authorized personnel
Deactivate the user account and maintain the personal information in production for audit
Erasing the information in production respects the request for removal. Maintaining records that do not contain personal details helps prove adherence to regulatory demands. Simply encrypting the data does not remove it, archiving it fails to honor full removal, and disabling an account while leaving sensitive information in the primary system does not address privacy obligations.