GDPR-Compliant Deletion of Employee Data in tenfold

Under the General Data Protection Regulation (GDPR), personal data that is no longer required for the purpose for which it was originally collected must be deleted without delay. This includes any data relating to former employees. With tenfold, employee data can be deleted automatically and in compliance with the GDPR.

Legal Background

One of the key principles of the GDPR, as laid out in Article 5, addresses the storage limitation of data. It states that “personal data must be kept … for no longer than necessary for the purpose for which the personal data are processed.” Also, Article 17 of the GDPR explicitly establishes a “right to erasure” (or “right to be forgotten”), which obligates data controllers to delete personal data relating to employees as soon as said data are no longer needed. As the GDPR states no specific retention period for personal data, companies must define their own policies for what represents a sensible time frame for retaining personal data.

According to Article 88 of the GDPR, member states are also permitted to define “more specific rules … in respect to the processing of employees’ personal data in the employment context.”

Implementation in tenfold

Via tenfold’s data protection policy settings, you can set individual retention periods for different categories of data. To guarantee compliance with the GDPR, tenfold ensures that the respective data sets are deleted or anonymized automatically after the defined period has expired.

For deleted employees, tenfold empties all fields of the corresponding object or overwrites them with a “-” (hyphen). This ensures that the person cannot be identified in restrospect. It is also possible to anonymize personal data instead of deleting it.

Attention: The anonymization only affects data located in the tenfold database. Data records in other systems must be deleted or anonymized separately.

Why Does tenfold Anonymize Accounts Instead of Deleting Them?

Deleting objects in the tenfold database can lead to problems with reporting, as certain events may become unattributable. If the (personal) data contained in the object is overwritten instead of deleted, the ability to evaluate historical structures and access rights is maintained, while the “right to be forgotten” is still preserved.

Does Anonymizing Data Meet the Legal Obligations I Am Required to Fulfill?

Yes, this method is explicitly supported by data protection authorities and has been independently reviewed before its implementation in tenfold. By definition, data that have been properly anonymized do not fulfill the criteria to be recognized as personal data, as they can no longer be associated with or used to identify an individual person. The restrictions set out by the GDPR for personal data therefore no longer apply to data that has been anonymized.

About the Author: Helmut Semmelmayer

Helmut Semmelmayer currently heads channel sales at the software company tenfold software. He looks back on 10 years of involvement in the identity and access management market. Having worked on countless customer projects, he has extensive knowledge of the challenges that organizations face when it comes to protecting data from unauthorized access. His goal is to educate businesses and build awareness for current and future access-based attack patterns.