---
title: "Audit-Proof Archiving and GDPR: Retention vs. Right to Erasure"
date: 2026-04-16T13:15:00+02:00
author: FAST LTA
canonical_url: "https://www.fast-lta.de//en/blog/revisionssicherheit-und-dsgvo-aufbewahrung-vs-löschpflicht"
section: "Entries: Articles"
---
### The Two Sides of the Conflict

#### Retention Obligations

Across the EU, businesses must retain records for defined periods:

- **VAT law:** invoices must be retained for periods set by each member state under the EU VAT Directive, commonly 6 to 10 years.
- **Accounting and commercial law:** national rules require books, annual accounts, and supporting documents to be kept. In Germany, for example, commercial books and annual accounts must be retained for 10 years, accounting documents and invoices for 8 years (banks, insurers, and securities institutions: 10), and commercial correspondence for 6 years, following the 2025 reform of retention periods.
- **Sector rules:** MiFID II record-keeping in financial services, and healthcare retention of 10 to 30 years for patient records depending on member state and record type.

These records routinely contain personal data: names on invoices, contact details in correspondence, patient identities in medical records.

#### The GDPR Right to Erasure

GDPR Art. 17 grants data subjects the right to erasure when data is no longer necessary, consent is withdrawn, or processing was unlawful. Art. 5(1)(e) (storage limitation) adds that personal data may be kept no longer than necessary for the purpose.

---

### How the Conflict Is Resolved

The GDPR resolves the conflict itself. Art. 17(3)(b) states that the right to erasure does not apply where processing is necessary to comply with a legal obligation. A statutory retention obligation is exactly such a legal obligation.

The resulting prioritization rule:

1. **During the retention period:** the retention obligation takes precedence. An erasure request for an archived invoice is refused for that record, with the legal basis documented (Art. 17(3)(b) plus the applicable national retention rule).
2. **After the retention period expires:** the legal basis for storage disappears, and the GDPR obligations take over. Now the data must be erased; continued retention without a purpose violates Art. 5(1)(e).

Both halves matter. Companies fail audits for deleting too early, and they collect GDPR findings (and fines up to EUR 20 million or 4% of global annual turnover) for keeping personal data indefinitely "just in case."

---

### What This Means for Archive Architecture

#### Retention Management Is Mandatory

A compliant archive needs deadline-based retention management:

- Every record carries a retention class (record type, applicable rule, expiry date)
- Different record types get different periods: a single global retention setting is almost always wrong
- When the period expires, deletion is executed and documented

#### WORM and Deletion Are Compatible

Hardware WORM seems to contradict erasure, but compliance-grade WORM systems are built for exactly this lifecycle. Silent Cubes, for example, enforce immutability for the duration of the configured retention period; after expiry, records become deletable, and the deletion itself is logged. During the retention period nothing and no one (including administrators) can alter or remove the record, which is precisely what the integrity requirements demand (GDPR Art. 5(1)(f), national bookkeeping standards such as the German GoBD).

#### Accountability

GDPR Art. 5(2) requires you to demonstrate compliance. For the archive, that means documenting:

- The retention schedule per record type, with legal basis
- The refusal process for erasure requests during retention (with the Art. 17(3)(b) justification)
- The deletion process after expiry, with execution logs

---

### Practical Steps

1. **Map record types to retention periods** under the laws applicable in your member state(s); involve legal counsel for cross-border operations.
2. **Implement retention classes in the archive system** so expiry is tracked per record, not per system.
3. **Automate deletion after expiry,** with logging, so storage limitation is met without manual sweeps.
4. **Document the whole procedure** as part of your archiving process documentation; auditors and data protection authorities both ask for it.
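The prioritization rule and the retention-class bookkeeping described above, as an added example that is not FAST LTA's code and not a Silent Cubes API: an in-memory archive that refuses an erasure request during the retention period with the Art. 17(3)(b) basis, erases once the period has run out, sweeps expired records on schedule, and writes one audit-log entry per decision. The 8-year invoice class, the record IDs and the assumption that the period runs from the end of the calendar year of creation are constructed here; adjust them to the rule that applies to each record type.

```python
from datetime import date
from typing import NamedTuple

class RetentionClass(NamedTuple):
    years: int
    legal_basis: str  # the national retention rule that justifies keeping the record

class Record(NamedTuple):
    record_id: str
    rclass: RetentionClass
    created: date
    def expiry(self) -> date:  # assumption: the period runs from the end of the creation year
        return date(self.created.year + self.rclass.years, 12, 31)

class Archive:
    """Records are immutable until expiry; every erasure decision and deletion is logged."""
    def __init__(self, records: list[Record]):
        self.records = {r.record_id: r for r in records}
        self.audit_log: list[dict] = []

    def handle_erasure_request(self, record_id: str, today: date) -> dict:
        rec = self.records[record_id]
        if today <= rec.expiry():  # retention obligation prevails: refuse and document why
            decision = {"action": "refused", "retain_until": rec.expiry().isoformat(),
                        "basis": f"GDPR Art. 17(3)(b); {rec.rclass.legal_basis}"}
        else:  # the legal basis for storage has lapsed: erase
            del self.records[record_id]
            decision = {"action": "erased", "basis": "GDPR Art. 17(1)(a), Art. 5(1)(e)"}
        self.audit_log.append({"event": "erasure_request", "record": record_id,
                               "date": today.isoformat(), **decision})
        return decision

    def sweep_expired(self, today: date) -> list[str]:
        expired = [r.record_id for r in self.records.values() if r.expiry() < today]
        for rid in expired:  # scheduled deletion after expiry (storage limitation), logged per record
            del self.records[rid]
            self.audit_log.append({"event": "expired_deleted", "record": rid,
                                   "date": today.isoformat(), "basis": "GDPR Art. 5(1)(e)"})
        return expired

INVOICE_DE = RetentionClass(8, "German accounting-document rule, 8 years (placeholder)")  # constructed

def run_demo() -> dict:
    archive = Archive([Record("inv-2020-0042", INVOICE_DE, date(2020, 3, 15)),  # retained to 2028-12-31
                       Record("inv-2015-0007", INVOICE_DE, date(2015, 9, 2))])  # expired 2023-12-31
    return {"during": archive.handle_erasure_request("inv-2020-0042", date(2025, 6, 1)),
            "after": archive.handle_erasure_request("inv-2015-0007", date(2025, 6, 1)),
            "sweep_last_day": archive.sweep_expired(date(2028, 12, 31)),
            "sweep_next_day": archive.sweep_expired(date(2029, 1, 1)),
            "events": [e["event"] for e in archive.audit_log]}
```

The last-day/next-day sweep pair shows the boundary that matters for an auditor: a record is still protected on the final day of its period and only becomes deletable afterwards.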

---

### Further Resources

- [Audit-Proof Archiving Guide](/en/blog/revisionssicherheit-leitfaden/)
- [What Is Audit-Proof Archiving?](/en/blog/was-ist-revisionssicherheit/)
- [The 10 Criteria of Audit-Proof Archiving](/en/blog/10-kriterien-revisionssicherheit/)
- [Silent Cubes: Hardware WORM Archive Storage](/en/produkte/silent-cubes/)

### GDPR

The GDPR (General Data Protection Regulation, EU 2016/679) is the European regulation for the protection of personal data — particularly relevant for IT infrastructure in Art. 5 (principles), Art. 17 (right to erasure), Art. 28 (processors) and Art. 32 (security of processing).

[Learn more →](https://www.fast-lta.de//en/glossary/gdpr)

### GoBD

The GoBD (Principles for the Proper Management and Storage of Books, Records and Documents in Electronic Form as well as Data Access) is a German Federal Ministry of Finance letter that specifies how tax-relevant documents must be archived electronically in Germany — particularly regarding immutability, completeness and auditability.

[Learn more →](https://www.fast-lta.de//en/glossary/gobd)

### WORM

WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges.

[Learn more →](https://www.fast-lta.de//en/glossary/worm)

### Audit-Proof Archiving

Audit-proof archiving describes the legally required property of an archiving system that preserves documents completely, immutably, traceably and accessibly at all times — and that this can be demonstrated without gaps to tax authorities, auditors and data protection supervisory bodies.

[Learn more →](https://www.fast-lta.de//en/glossary/audit-proof-archiving)

