Redact
After the appropriate tags have been assigned to the documents, you need to redact all personal data belonging to the data subject and review all documents with the 01 DSAR Candidate or Right to be Forgotten tag. For instance, if a document set has the Potentially Removal tag attached to it, it means that the document contains personal data relating to the data subject for which there is no ground or purpose to process, which must then be removed.
The most essential step in handling an erasure request is the redaction or anonymization of personal data belonging to the data subject. It is very important to ensure all such data are recognized, tagged and redacted before producing a report to the IT department. In this phase, you can begin to manually or automatically anonymize personal information. The purpose of anonymization is to prevent personal data from being inadvertently released. ZyLAB’s redaction feature enables reviewers to quickly and easily redact and remove information by hiding selected content.
Both anonymization and pseudonymization can be used for redaction.
Pseudonymization means encrypting personal data by replacing the real personal data with a pseudonym. The main difference from anonymization is that pseudonymization is a reversible process. The real person remains identifiable with the proper key, which keeps the data valuable for an organization. However, it also means the GDPR still sees pseudonymized data as personal data. Therefore, for the purposes of the right to be forgotten, anonymization is more appropriate than pseudonymization.
Anonymization results from removing any possibility of attributing personal data within a document to the data subject. The data is irreversibly altered, and it is impossible to detect whether data relates to two, three or more people. The GDPR no longer sees it as personal data.
The choice between anonymization and pseudonymization depends on many factors (the use case, degree of risk, the way data is processed within your company, etc.).
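The difference between the two approaches, as an added Python example (not ZyLAB's code or its redaction feature). The sample text, names, key and function names are all constructed for illustration, and the separately stored lookup table is an assumed way of implementing "the proper key".

```python
import hashlib
import hmac
import re

# Constructed sample input: the text, the names and the key are made up.
SAMPLE = "Alice Jansen emailed Bob Smit. Bob Smit replied to Alice Jansen."
SUBJECTS = ["Alice Jansen", "Bob Smit"]
KEY = b"constructed-demo-key"

MARKER = re.compile(r"\[(?:PERSON-[0-9a-f]{8}|REDACTED)\]")


def pseudonymize(text, names, key):
    """Replace each name with a stable keyed pseudonym.

    Returns the rewritten text and the re-identification table. Whoever
    holds that table can reverse the process, so the output is still
    personal data.
    """
    table = {}
    # Longest names first, so a name contained in another is not split.
    for name in sorted(names, key=len, reverse=True):
        tag = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:8]
        pseudonym = f"[PERSON-{tag}]"
        table[pseudonym] = name
        text = text.replace(name, pseudonym)
    return text, table


def reidentify(text, table):
    """Reverse pseudonymization with the stored table."""
    for pseudonym, name in table.items():
        text = text.replace(pseudonym, name)
    return text


def anonymize(text, names):
    """Replace every name with one uniform marker; nothing is kept to undo it."""
    for name in sorted(names, key=len, reverse=True):
        text = text.replace(name, "[REDACTED]")
    return text


def distinct_markers(text):
    """Count how many different people a reader can still tell apart."""
    return len(set(MARKER.findall(text)))


if __name__ == "__main__":
    pseudo, table = pseudonymize(SAMPLE, SUBJECTS, KEY)
    print(pseudo, "->", distinct_markers(pseudo), "distinguishable people")
    anon = anonymize(SAMPLE, SUBJECTS)
    print(anon, "->", distinct_markers(anon), "distinguishable marker")
```

The table returned by `pseudonymize` is what makes the process reversible, so it has to be stored apart from the documents and protected like the personal data itself.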
The difference between the redaction process in a DSAR request and in an erasure request lies in whose personal data is being redacted. When handling an access request, you must ensure that all personal data regarding third parties is redacted before producing the data to the data subject. However, when handling an erasure request, the purpose is to remove the data subject’s personal data that are no longer necessary or allowed to be processed. The focus here, then, is on the data subject's data rather than third parties' data.
You may choose to erase complete documents or to redact only the data subject’s personal data by using anonymization and to continue processing the actual documents for archival or other purposes.
Refer to the following link for the complete redaction process: DSAR - Redact