UK General Data Protection

GDPR Permanent User Deletion

  • Timeline: 3 days
  • Focus: Permanent deletion workflows, implementation complexity, and GDPR compliance

Scope & Solution Exploration

Background

The GDPR gives users in the EU the right to request that organisations delete their personal data permanently and fully. It also obliges the organisation that holds the data to delete it.

This creates several challenges:

For the platform

  • We continue to receive requests from schools to permanently delete users on their behalf.
  • Different regions currently have different deletion processes.
  • Existing delete workflows are manual and lengthy.
  • User data can have complex dependencies across multiple modules and records.

For schools

  • Schools must contact our platform to perform permanent deletions in some regions.
  • There is no visibility of all the data that must be removed before a user can be permanently deleted.
  • Administrators have no structured process for tracking deletion progress.
  • Managing GDPR compliance can be difficult when user data exists across multiple areas of the platform.

Scope

The purpose of this proof of concept was to explore potential workflows that would enable admins to perform full and permanent deletion of user data through our platform.

At a minimum, the solution needed to:

  • Display a list of items that must be deleted before permanent deletion can occur.
  • Provide links to the relevant areas of the platform where the data can be removed.
  • Display the status of each item.
  • Update statuses as data is deleted.
  • Prevent permanent deletion until all prerequisite items have been removed.
  • Allow the user to perform a true and irreversible deletion once all requirements have been met.

The visual polish of the proof of concept was not the focus. The objective was to explore different models that could help us understand implementation complexity, workflow suitability, and future requirements.

Solution 1: Guided Permanent Deletion

This workflow takes a straightforward approach to permanent deletion. When an administrator initiates a permanent deletion, a side panel is displayed containing all data and records that must be removed before the user can be permanently deleted. Each item includes a link to the relevant area on our platform, allowing administrators to navigate directly to the location and manually delete the required data. As items are removed, their status is updated within the side panel. Once all items have been deleted, the administrator can proceed with the permanent deletion.

A final confirmation dialog is displayed before the deletion is performed.

[Figure: Guided deletion side panel with the prerequisite checklist of items to remove, blocking-item status indicators, and a final confirmation step.]

Benefits

  • ✅ Easy to understand
  • ✅ Clear separation from existing delete workflows
  • ✅ Supports complex deletion scenarios
  • ✅ Low implementation complexity

Considerations

  • ⚠️ Requires administrators to move between multiple pages
  • ⚠️ Less suitable when large amounts of data need to be reviewed and deleted

Solution 2: Guided Deletion with Steps

This concept introduces a structured, step-by-step workflow. Rather than immediately displaying the data that must be removed, the workflow first asks the administrator to acknowledge that the deletion is permanent and cannot be reversed. Once confirmed, the administrator progresses through a series of guided steps to review, delete, and validate prerequisite data before performing the permanent deletion. This concept also introduces the option to send confirmation emails to administrators and users after deletion has been completed.

[Figure: Step-based guided deletion workflow, showing the data that will be lost on step one and the user information confirmation on step two.]

Benefits

  • ✅ Strong emphasis on the irreversible nature of deletion
  • ✅ Provides clear guidance throughout the process
  • ✅ Reduces the likelihood of accidental deletions
  • ✅ Supports confirmation and audit communication

Considerations

  • ⚠️ More steps for experienced users
  • ⚠️ May feel slower for straightforward deletion scenarios

Solution 3: Permanent Deletion Page/Module

This concept introduces a dedicated page called Permanent Deletion List. The page acts as a workspace where administrators can manage permanent deletions over time. This recognises that permanent deletion can be a complex process involving multiple modules, dependencies, and stakeholders.

Administrators can:

  • Start a deletion process.
  • Review outstanding items.
  • Complete prerequisite deletions.
  • Save progress.
  • Return at a later time.
  • Complete the permanent deletion when all requirements have been met.

[Figure: Dedicated permanent deletion list workspace, with separate Students and Staff sections for managing deletion requests over time.]

Benefits

  • ✅ Supports large and complex deletion scenarios
  • ✅ Allows administrators to pause and resume work
  • ✅ Provides a dedicated space for managing GDPR deletion requests
  • ✅ Creates opportunities for future auditing and reporting

Considerations

  • ⚠️ Larger implementation effort
  • ⚠️ Introduces a new area within our platform

Solution 4: Data Grid-Based Review Layout

This concept presents deletion requirements in a data grid format. Rather than displaying items in a checklist, all records requiring action are displayed in a structured table.

Each row provides visibility of:

  • The item that requires deletion.
  • The location within our platform.
  • Current status.
  • Required action.

The data grid allows administrators to quickly understand what work remains and track progress throughout the deletion process. The workflow itself remains step-based, but the grid significantly improves readability and process tracking.

[Figure: Grid-based review workflow showing person tracking records to delete, the user information confirmation, and a successful deletion state.]

Benefits

  • ✅ Improved visibility of deletion progress
  • ✅ Easier to review large volumes of data
  • ✅ Stronger process tracking
  • ✅ Familiar experience for administrators

Considerations

  • ⚠️ More complex UI than a simple checklist
  • ⚠️ Additional design considerations for responsive layouts

Solution 5: Data Grid with Anonymisation

This concept builds upon the data grid workflow by introducing anonymisation as an additional outcome. In some scenarios, organisations may prefer to anonymise certain records rather than fully delete them, depending on policy, compliance requirements, or operational needs.

The workflow allows administrators to:

  • Review deletion requirements.
  • Determine whether records should be deleted or anonymised.
  • Track progress through the same grid-based experience.
  • Complete the chosen action once all requirements have been met.

[Figure: Advanced deletion view listing the tables blocking deletion, manual removal requirements, and an anonymisation-ready final confirmation dialog for permanently deleting the user.]

Benefits

  • ✅ Provides greater flexibility
  • ✅ Supports future privacy and retention requirements
  • ✅ Builds upon an already scalable workflow
  • ✅ Creates opportunities for broader data governance capabilities

Considerations

  • ⚠️ Additional policy decisions required
  • ⚠️ Increased implementation complexity
  • ⚠️ May extend beyond the scope of the MVP