DIN 66398
Guideline for development of a concept for data deletion with derivation of deletion periods for personal identifiable information
| Organization: | DIN |
| Publication Date: | 1 May 2016 |
| Status: | active |
| Page Count: | 58 |
| ICS Code (Information technology (IT) in general): | 35.020 |
| ICS Code (Law. Administration): | 03.160 |
Scope:
This standard defines a procedure model for the development and establishment of a deletion concept for personally identifiable information (PII). It comprises:
- procedures by which deletion rules for pools of personally identifiable information are specified;
- a survey of necessary requirements for implementation in the PII controller's organization;
- proposals for the structure of the documentation prescribed by the deletion concept; and
- recommendations according to which the deletion concept should be established, implemented and maintained and by which the responsibilities for the relevant tasks should be assigned.
This standard does not specify any specific deletion rules or deletion periods. These depend on the privacy-relevant legal requirements and the legitimate purposes of the processing by the respective PII controller. The legal provisions themselves, e.g. of the EU, or national laws, are also outside the scope of this standard.
As a rule, the relevant legal requirements are to be taken into account when using this standard. Their interpretation and transposition to the deletion concept of the PII controller are outside the scope of this standard. The technical mechanisms of deletion, e.g. deletion by overwriting database values, deletion of records and deletion of entire tables or files, are also outside the scope of this standard.
The safety level of deletion mechanisms is also not considered here. This standard deals with the process of deleting personally identifiable information. However, the procedure can, in principle, also be transferred to other pools of data.