GDPR Article 17 grants individuals the "Right to Erasure" (commonly known as the Right to be Forgotten). This rule requires B2B SaaS companies and data controllers to permanently delete a user's personal data upon request, without undue delay, under specific legal conditions.
GDPR Deletion Obligations
Implementing erasure requests in a complex, multi-tenant relational database is a significant engineering challenge:
- Hard Deletes vs. Soft Deletes: While soft deletes (setting a deleted_at flag) are useful for recovery, GDPR requires that the actual personal data be fully purged or anonymized from active databases and backups.
- Cascading Wipes: Deleting a user must trigger cascading deletes across related tables, including audit logs, message histories, and user sessions.
- Backup Management: Wiping PII from read-only backup archives is technically difficult. Compliance guidelines allow companies to keep backups if they maintain a secure ledger of deletion requests and apply the deletions if the backup is ever restored.
Anonymization as an Alternative
If you need to preserve historical transaction counts or analytical trends, you can satisfy the Right to Erasure by completely anonymizing the user row (e.g. replacing names with "Deleted User" and emails with hashed values). This breaks the link to a natural person; data that can no longer be attributed to an identifiable individual is no longer personal data under GDPR.
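The two erasure paths described above, the hard delete with cascading wipe plus a deletion ledger that is replayed on a restored backup, and the anonymizing update that keeps row counts, shown together in one added example. This is illustration code written for this page, not from the original article or any product; the schema, table names, tenant ids, sample rows and the `erasure_ledger` design are all constructed for the demonstration, and SQLite stands in for the multi-tenant relational database.

```python
import hashlib
import secrets
import sqlite3
from datetime import datetime, timezone

# Constructed sample schema for a multi-tenant app. ON DELETE CASCADE means a
# hard delete of the user row also wipes every child row that references it.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL,
    name TEXT NOT NULL, email TEXT NOT NULL, deleted_at TEXT);
CREATE TABLE sessions (id INTEGER PRIMARY KEY, token TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE);
CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE);
CREATE TABLE audit_log (id INTEGER PRIMARY KEY, action TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE);
-- Ledger of erasure requests, replayed against any backup that gets restored.
CREATE TABLE erasure_ledger (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL,
    user_id INTEGER NOT NULL, mode TEXT NOT NULL CHECK (mode IN ('erase', 'anonymize')),
    requested_at TEXT NOT NULL);
"""
CHILD_TABLES = ("sessions", "messages", "audit_log")


def open_db() -> sqlite3.Connection:
    """In-memory database seeded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FK actions unless enabled
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, NULL)", [
        (1, 10, "Alice Example", "alice@example.com"),
        (2, 10, "Bob Example", "bob@example.com"),
        (3, 20, "Carol Example", "carol@example.org")])
    conn.executemany("INSERT INTO sessions (token, user_id) VALUES (?, ?)",
                     [("s-a1", 1), ("s-a2", 1), ("s-b1", 2), ("s-c1", 3)])
    conn.executemany("INSERT INTO messages (body, user_id) VALUES (?, ?)",
                     [("hi", 1), ("hello", 1), ("yo", 2), ("hey", 3)])
    conn.executemany("INSERT INTO audit_log (action, user_id) VALUES (?, ?)",
                     [("login", 1), ("login", 2), ("export", 3)])
    conn.commit()
    return conn


def _log(conn, tenant_id, user_id, mode):
    conn.execute("INSERT INTO erasure_ledger (tenant_id, user_id, mode, requested_at) "
                 "VALUES (?, ?, ?, ?)",
                 (tenant_id, user_id, mode, datetime.now(timezone.utc).isoformat()))


def remaining_rows(conn, user_id) -> dict:
    """Rows still referencing user_id in each table; used to verify a wipe."""
    counts = {"users": conn.execute(
        "SELECT COUNT(*) FROM users WHERE id = ?", (user_id,)).fetchone()[0]}
    for table in CHILD_TABLES:  # names come from a fixed tuple, never from input
        counts[table] = conn.execute(
            f"SELECT COUNT(*) FROM {table} WHERE user_id = ?", (user_id,)).fetchone()[0]
    return counts


def hard_erase(conn, tenant_id, user_id) -> dict:
    """Ledger entry plus user delete in one transaction; the FK cascade removes
    sessions, messages and audit rows. The tenant_id predicate stops a request
    raised in one tenant from deleting another tenant's user."""
    with conn:  # commit both writes together, or roll both back on error
        _log(conn, tenant_id, user_id, "erase")
        cur = conn.execute("DELETE FROM users WHERE id = ? AND tenant_id = ?",
                           (user_id, tenant_id))
        if cur.rowcount != 1:
            raise LookupError(f"user {user_id} not in tenant {tenant_id}")
    return remaining_rows(conn, user_id)


def anonymize(conn, tenant_id, user_id) -> dict:
    """Keep the row (so message/audit counts survive) but sever the link to the
    person: name becomes 'Deleted User', email a SHA-256 of the address plus a
    random salt that is thrown away, so nobody can match it against a list of
    known addresses. Sessions are authentication material and are purged."""
    with conn:
        _log(conn, tenant_id, user_id, "anonymize")
        row = conn.execute("SELECT email FROM users WHERE id = ? AND tenant_id = ?",
                           (user_id, tenant_id)).fetchone()
        if row is None:
            raise LookupError(f"user {user_id} not in tenant {tenant_id}")
        digest = hashlib.sha256((secrets.token_hex(16) + row[0]).encode()).hexdigest()
        conn.execute("UPDATE users SET name = 'Deleted User', email = ?, deleted_at = ? "
                     "WHERE id = ?", (digest, datetime.now(timezone.utc).isoformat(), user_id))
        conn.execute("DELETE FROM sessions WHERE user_id = ?", (user_id,))
    return remaining_rows(conn, user_id)


def export_ledger(conn) -> list:
    return conn.execute(
        "SELECT tenant_id, user_id, mode FROM erasure_ledger ORDER BY id").fetchall()


def replay_ledger(ledger_rows, restored) -> None:
    """Apply logged erasures to a restored backup taken before they happened."""
    for tenant_id, user_id, mode in ledger_rows:
        try:
            (hard_erase if mode == "erase" else anonymize)(restored, tenant_id, user_id)
        except LookupError:
            pass  # the backup predates that user entirely; nothing to wipe


if __name__ == "__main__":
    live = open_db()
    backup = sqlite3.connect(":memory:")
    backup.execute("PRAGMA foreign_keys = ON")
    live.backup(backup)  # stands in for a nightly backup taken before the request
    print("after erase:", hard_erase(live, 10, 1))
    print("after anonymize:", anonymize(live, 20, 3))
    print("restored backup before replay:", remaining_rows(backup, 1))
    replay_ledger(export_ledger(live), backup)
    print("restored backup after replay:", remaining_rows(backup, 1))
```

Two design choices worth noting. The ledger row and the wipe are written in the same transaction, so a crash cannot leave a user deleted with no record to replay on the next restore, or a record with the user still present. And the anonymized email is hashed with a random salt that is never stored: a bare hash of an e-mail address can be recomputed by anyone holding a list of addresses and is therefore only pseudonymous, whereas the salted digest keeps the row's uniqueness for counting without letting it be linked back to the person.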