
OWASP Top 10 Privacy Risk Countermeasures

OWASP is the acronym for the Open Web Application Security Project.

4. Insufficient Deletion of Personal Data

Risk Description

Failure to delete personal data effectively and in a timely manner after the specified purpose has ended or upon a rightful request by the data subject.

How to check?
  1. Inspect the data retention / deletion policies and/or agreements.

  2. Evaluate their appropriateness.

  3. Request the deletion records (protocols) showing which data was deleted, when, and by which process.

  4. Test processes for deletion requests.

  5. Check whether transparency is provided (which data is deleted when, which data is not deleted, and why).

Countermeasures
  1. Deploy systems with good privacy practices, in this case data minimization: data that is never collected never has to be deleted.

  2. Personal data has to be deleted within an appropriate timeframe (e.g. one month) after termination of the specified purpose.

  3. Personal data has to be deleted on rightful user request.

  4. Secure locking (with very limited access to the data) might be an option if deletion is not possible due to technical restrictions.

  5. Real deletion is preferable though and minimizes the risk.

  6. Data retention, archival and deletion policies and processes have to be documented and followed.

  7. Evidence should be collected to verify the deletion as per policy.

  8. Any data in backups, other copies or shared with third parties has to be considered.

  9. Exceptions are possible where retention is required by law. In that case access should be very limited and every access logged.

  10. When deleting data in the cloud, take note of historical copies stored in older snapshots and backups.

  11. Delete user profiles after extended periods of inactivity.
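
The countermeasures above, applied to a set of constructed sample records, as an added example written for this page (not code from OWASP). The fixed clock, the record fields, the thresholds and the sample users are assumptions: deletion is due on a rightful request, one month after the purpose ends, or after a year of inactivity; a record still under statutory retention is locked (access restricted) rather than deleted; and every decision, including "keep", is written to a deletion log that also names the third parties that must be told to delete their copy, which is the evidence an auditor following "How to check?" would ask for.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Fixed clock so the run is reproducible (assumption: UTC timestamps everywhere).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
# "Appropriate timeframe" after the purpose ends (the page suggests e.g. one month).
GRACE_PERIOD = timedelta(days=30)
# Inactivity threshold (the page's example: profiles unused for one year).
INACTIVITY_LIMIT = timedelta(days=365)


@dataclass
class Record:
    """Hypothetical customer record; field names are this example's own."""
    user_id: str
    last_active_at: datetime
    purpose_ended_at: Optional[datetime] = None   # e.g. contract termination date
    deletion_requested: bool = False              # rightful user request received
    legal_hold_until: Optional[datetime] = None   # statutory retention (e.g. accounting)
    shared_with: tuple = ()                       # third parties holding a copy
    state: str = "active"                         # active | locked | deleted


def decide(rec: Record, now: datetime) -> tuple[str, str]:
    """Return (action, reason) where action is 'delete', 'lock' or 'keep'.

    Deletion is due on user request, once the grace period after the purpose
    ended has elapsed, or after prolonged inactivity.  If a legal retention
    duty still applies, the record is locked instead of deleted; real deletion
    follows once the hold expires and the next sweep runs.
    """
    if rec.state == "deleted":
        return "keep", "already deleted"
    if rec.deletion_requested:
        reason = "user request"
    elif rec.purpose_ended_at is not None and now - rec.purpose_ended_at >= GRACE_PERIOD:
        reason = f"purpose ended {(now - rec.purpose_ended_at).days} days ago"
    elif now - rec.last_active_at >= INACTIVITY_LIMIT:
        reason = f"inactive for {(now - rec.last_active_at).days} days"
    else:
        return "keep", "purpose still active or within grace period"
    if rec.legal_hold_until is not None and rec.legal_hold_until > now:
        return "lock", f"{reason}; retained under legal hold until {rec.legal_hold_until.date()}"
    return "delete", reason


def sweep(records: list, now: datetime) -> list:
    """Apply decide() to every record and return the deletion log (evidence).

    Every record gets a log entry, including the ones that are kept, so the
    log can answer "which data is deleted when, which is not, and why".
    """
    evidence = []
    for rec in records:
        action, reason = decide(rec, now)
        if action == "delete":
            # Hypothetical primary-store deletion; a real job would also queue
            # purges for backups/snapshots and notify the third parties listed.
            rec.state = "deleted"
        elif action == "lock":
            rec.state = "locked"
        evidence.append({
            "user_id": rec.user_id,
            "at": now.isoformat(),
            "action": action,
            "reason": reason,
            "notify_third_parties": list(rec.shared_with) if action == "delete" else [],
        })
    return evidence


def _utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def sample_records() -> list:
    """Constructed sample data (not real customers)."""
    return [
        Record("alice", last_active_at=_utc(2024, 5, 30), deletion_requested=True,
               shared_with=("newsletter-provider",)),
        Record("bob", last_active_at=_utc(2024, 3, 15), purpose_ended_at=_utc(2024, 4, 1)),
        Record("carol", last_active_at=_utc(2024, 5, 1), purpose_ended_at=_utc(2024, 5, 20)),
        Record("dave", last_active_at=_utc(2023, 12, 1), purpose_ended_at=_utc(2024, 1, 1),
               legal_hold_until=_utc(2031, 1, 1)),
        Record("erin", last_active_at=_utc(2022, 1, 1)),
        Record("frank", last_active_at=_utc(2024, 5, 31)),
    ]


def run_example(now: datetime = NOW) -> dict:
    """Run one sweep over the sample data and return user_id -> action."""
    return {e["user_id"]: e["action"] for e in sweep(sample_records(), now)}


if __name__ == "__main__":
    for entry in sweep(sample_records(), NOW):
        print(entry)
```

The sweep is idempotent: a record deleted in one run is logged as "already deleted" in the next, and a locked record stays locked until its hold date passes, at which point the same rule that locked it deletes it. Keeping the "keep" entries in the log is deliberate; without them the log cannot show an auditor why a given record was retained.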

Example

Customer data is deleted automatically:

  • After a certain period of inactivity (Hotmail removes user profiles in case they are not used for one year).

  • After termination of a contract (the law does not require keeping all customer information for accounting or other purposes, only a defined subset for a defined period).
