Use-Case GDPR, Art. 15 and 17 – Successfully find and delete customer data

The General Data Protection Regulation (GDPR) has been in force in the European Union since May 2018. It stipulates how companies are allowed to collect and process personal data. In particular, Article 15 – the right of access by the data subject – and Article 17 – the right to erasure – pose challenges for companies.

GDPR in your company: Right of access to personal data

Article 15 of GDPR gives a person the right to know what data pertaining to him or her a company holds and how it has been processed, and for what purposes this data processing has been carried out. Likewise, a person has the right to know which recipients their personal data has been or will be disclosed to. Finally, information must also be provided about the planned duration of data storage or the criteria for determining this duration. The company does not have an arbitrary amount of time to find this data either. The information needs to be provided within one month.

Companies often underestimate the ease and speed with which they can locate all the data stored about the person in question. The problem is that this information is often not stored in a single format in databases, but rather in unstructured form in e-mails, text documents or presentations. This means it can appear impossible to ensure that all the places where data about a person is stored by a company have actually been identified. As a result, the company is unable to meet the requirements of GDPR and risks consequences from the responsible data protection authorities.

Right to erasure of personal data

Article 17 of GDPR, in turn, gives an individual the right to request immediate erasure of the data stored about him or her. Again, if the company cannot find all this data quickly enough, for example because it is stored in unstructured form and distributed across various directories, channels, tools and emails, it will not be able to meet the requirements of GDPR. In this case, the company puts itself at risk of having confirmed to a customer that their data has been deleted, even though information about them is still stored.

Concept for finding and deleting personal data

Aparavi solves the problem of finding and deleting personal data quickly and reliably with its Deep Intelligence Engine. The intelligent search engine specifically searches through unstructured data inventories, classifies all data relevant to data protection and uncovers it. This gives companies a complete overview of all data relating to a person with just a few clicks and allows them to delete it at the touch of a button in accordance with Article 17, GDPR.

Did you know that the topic described here is not only relevant for compliance with the GDPR? Careful data management and data economy also have a crucial importance for ecological, economic and social sustainability within the framework of corporate social responsibility.

Use Case Details from employment contracts

The larger a company is, the more employees it has. Each of these employees signs an employment contract before starting their employment. These are often scanned and filed away – and never looked at again. Yet these contracts can contain important details that are not recorded in a structured manner. Take the notice period, for example: it is often the case that different employees have different notice periods – the intern may only have to serve two weeks’ notice, the manager three months and the CEO up to six months’ notice. Individual agreements between employees and their employer are also noted in their contracts, of course.

Use Case The loss of mission-critical data

Every employee will leave their employer eventually. However increasingly, the question arises as to what data they are actually allowed to take with them – and what data they are not. Long-serving employees in particular not only have in-depth knowledge, but also access to many files. Important information is often hidden in folders on their computers or in their e-mail accounts and is not necessarily marked as company data. Even the employees themselves no longer have an overview of the data that is confidential and what data they can take with them without worrying about violating compliance rules.


Santa Monica

Santa Monica, CA 90401
929 Colorado Ave
+1 (323) 922-2010


Lothstraße 5
80335 Munich, Germany
+49 (0)89 5404 3992


90401, Baarerstr. 135
6300 Zug, Switzerland
+49 (0)89 5404 3992