Standard: ISO/IEC 27555

Description

Contents

Foreword
Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Symbols and abbreviated terms

5 Framework for deletion

5.1 General
5.2 Constraints
5.3 Clusters of PII
5.4 Retention period and regular deletion period
5.4.1 Retention period
5.4.2 Regular deletion period
5.4.3 Allocation of clusters of PII
5.5 Archives and backup copies
5.6 Standard deletion periods, starting points, deletion rules and deletion classes
5.7 Special situations
5.8 Documentation of policies and procedures

6 Clusters of PII

6.1 General
6.2 Identification
6.3 Documentation

7 Specification of deletion periods

7.1 Standard and regular deletion periods
7.2 Regular deletion period specifications
7.3 Standard deletion period identification
7.4 Deletion period specifications for special situations
7.4.1 General
7.4.2 Modification of data objects
7.4.3 Need to extend period of active use
7.4.4 Suspension of the deletion
7.4.5 Backup copies

8 Deletion classes

8.1 Abstract starting points -- abstract deletion rules
8.2 Matrix of deletion classes
8.3 Allocation of deletion classes and definition of deletion rules

9 Requirements for implementation

9.1 General
9.2 Conditions for starting points outside IT systems
9.3 Requirements for implementation for organization-wide aspects
9.3.1 General
9.3.2 Backup
9.3.3 Logs
9.3.4 Transmission systems
9.3.5 Repair, dismantling and disposal of systems and components
9.3.6 Everyday business life
9.4 Requirements for implementation for individual IT systems
9.5 Deletion in regular manual processes
9.6 Requirements for implementation for PII processor
9.7 Control deletion in special cases
9.7.1 Exception management
9.7.2 Further sets of PII

10 Responsibilities

10.1 General
10.2 Documentation
10.3 Implementation

Bibliography