How should logs be deleted, taking into account the full personal data lifecycle?

ANSWER

This issue was raised in the context of discussing the accountability principle achieved through system logs. Reference was made to the CJEU ruling (C-553/07 – Rijkeboer). In the case described in that ruling, M.E.E. Rijkeboer submitted a request to the College asking to be informed of all instances in which his data, originating from the municipal administration, had been disclosed to third parties during the two years preceding the submission of his request. He wished to know the identity of those persons and the content of the information disclosed to them. M.E.E. Rijkeboer, who had moved to another municipality, wished in particular to find out to whom his previous address had been disclosed.

The controller was only partially able to respond to the data subject’s request, because information concerning the recipients of data was deleted by the controller on an annual basis.

The reason for citing this example is to emphasise that when deleting system logs – particularly those relating to the manner in which obligations under GDPR are fulfilled – the entire data lifecycle should be taken into account, rather than a selected period (e.g. the previous year only).