GDPR and the Right to Erasure in Databases
Under UK GDPR, individuals can ask you to delete the personal data you hold about them — the 'right to erasure' or 'right to be forgotten'. Honouring that request properly is more involved than deleting one row, and getting it wrong carries real risk.
This article explains the practical challenges and how we design systems to handle erasure cleanly. It is general guidance, not legal advice.
Why It Is Not Just One Delete
Personal data often spreads across many tables, plus backups, logs, search indexes and reporting copies. A genuine erasure has to account for all of these, not only the obvious main record.
Designing for Erasure
- Know where personal data lives — a data map is invaluable.
- Decide what must be erased and what may be retained (for example, legal or financial records).
- Have a repeatable, logged process so requests are handled consistently.
Backups and Practicality
You cannot rewrite every historic backup on demand, and the regulator accepts this. The common approach is to erase from live systems immediately and let backups expire naturally under your retention policy.
Frequently Asked Questions
Can we always delete everything?
Not always — some data must be kept to meet other legal obligations. We help you distinguish what must go from what may lawfully remain.
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.