Knowledge Retention vs Deletion

The Problem

Organizations face conflicting requirements: they must retain data for compliance (audit trails, legal holds) while also deleting data on request (GDPR right to erasure, user deletion requests).

Symptoms

  • ❌ Cannot delete due to legal hold

  • ❌ Retention policy conflicts with deletion

  • ❌ Audit trail requires keeping deleted data

  • ❌ Backup retention vs deletion requests

  • ❌ Regulatory conflicts (GDPR vs SOX)

Real-World Example

Scenario:
→ User requests deletion under GDPR (right to erasure)
→ Company also has SOX compliance (7-year retention for financial records)
→ User's data appears in financial audit trail documents

Conflict:
→ GDPR: Must delete user data
→ SOX: Must retain financial records for 7 years
→ Cannot satisfy both simultaneously

Deep Technical Analysis

Retention Requirements

Compliance-Driven Retention:

Legal Holds:

Deletion Rights

GDPR Article 17:

Balancing Act:

Anonymization as Middle Ground

Pseudonymization:

K-Anonymity:

Backup Complication

Immutable Backups:


How to Solve

→ Implement data classification (retention-required vs deletable)
→ Use pseudonymization/anonymization where deletion conflicts with retention
→ Document exceptions to the right to erasure (legal obligations)
→ Delete from production immediately; allow backups to expire on their normal schedule
→ Maintain a data retention schedule aligned with regulations

See Retention Policy.
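As an added example (not code from this page or its Retention Policy), here is a minimal erasure-request handler that applies the classification, pseudonymization and exception-documentation steps above to an in-memory record set. The record model, the "deletable"/"retention_required" labels, the identifier field names and the SOX basis string are all assumptions for illustration.

```python
# Added example (not from the original page): handles an erasure request
# by deleting 'deletable' records and pseudonymizing 'retention_required' ones.
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed secret; in production this lives in a KMS, never in code.
PSEUDONYM_KEY = b"example-pepper-rotate-me"
# Fields that identify the data subject and must not survive erasure (assumed names).
DIRECT_IDENTIFIERS = {"name", "email", "phone", "address"}

@dataclass
class Record:
    record_id: str
    user_id: str
    classification: str       # "deletable" or "retention_required" (assumed labels)
    data: dict
    created: date
    retention_years: int = 0  # only meaningful for retention_required
    legal_basis: str = ""     # e.g. "SOX: 7-year financial record retention"

def pseudonym(user_id: str) -> str:
    """Keyed, non-reversible token that replaces the user id."""
    mac = hmac.new(PSEUDONYM_KEY, user_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def process_erasure(records, user_id, today):
    """Return (records to keep, exception log) for one erasure request."""
    kept, exceptions = [], []
    for r in records:
        if r.user_id != user_id:
            kept.append(r)
            continue
        if r.classification == "deletable":
            continue  # deleted from production immediately
        if r.classification != "retention_required":
            raise ValueError(f"unclassified record {r.record_id}")  # fail closed
        expiry = r.created + timedelta(days=365 * r.retention_years)
        if today >= expiry:
            continue  # retention period has elapsed, so this record can go too
        # Strip direct identifiers, keep the financial facts, swap in a pseudonym.
        scrubbed = {k: v for k, v in r.data.items() if k not in DIRECT_IDENTIFIERS}
        kept.append(Record(r.record_id, pseudonym(user_id), r.classification,
                           scrubbed, r.created, r.retention_years, r.legal_basis))
        exceptions.append({"record_id": r.record_id, "basis": r.legal_basis,
                           "review_on": expiry.isoformat()})
    return kept, exceptions
```

Backups are deliberately left alone here: the pseudonymized record is what survives in production, and backup copies holding the original fall out through normal expiration rather than through a separate deletion job.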
