Simuna InfosecSIMUNA INFOSEC
Privacy

Right to Be Forgotten: Testing Whether Your Application Can Actually Delete User Data untuk Perusahaan Indonesia

Data deletion requests are a legal requirement under GDPR, LGPD, and PDPA. Testing whether your application can truly erase personal data. Guidance for ID market.

The right to erasure (GDPR Article 17, LGPD, PDPA, and similar regulations) requires organisations to delete personal data upon request. Testing verifies: does the deletion process remove data from all storage locations (primary database, caches, search indexes, analytics systems, backups, logs)?; is deleted data actually unrecoverable or merely flagged as deleted?; does deletion propagate to third-party processors and integrated systems?; and can the data subject verify that deletion has been completed? Many organisations discover through testing that data persists in unexpected locations after deletion.