An organization in the EU gets a request from an individual who wants personal information removed from existing systems. Which approach best meets that request and ensures required documentation remains available?
Deactivate the user account and maintain the personal information in production for audit
Erase personal records from production environments and keep streamlined logs of the removal that exclude private details
Encrypt the personal data in every active environment and retain full daily backups for future reviews
Preserve personal data in a separate archive with restricted access for authorized personnel
Erasing the information in production respects the request for removal. Maintaining records that do not contain personal details helps prove adherence to regulatory demands. Simply encrypting the data does not remove it, archiving it fails to honor full removal, and disabling an account while leaving sensitive information in the primary system does not address privacy obligations.