Data purging definition
Data purging is the act of permanently and securely removing data from a system (such as a database or storage device). Purging outdated or unnecessary data reduces storage costs and reduces the risk of data leaks. In some cases, organizations may be required to purge data to comply with data protection laws, such as the General Data Protection Regulation.
See also: data processor, data protection policy
Data purging and data retention
Organizations typically establish data retention policies that specify how long certain types of data should be retained before they are purged. These policies must take into account both business needs and the applicable legal requirements.
Following these data retention policies, organizations must regularly round up the files that need to be removed. Purgeable data may include information that is no longer needed for business purposes, sensitive information that should not be retained for long, or information that must be deleted in accordance with the law.
Common data purging methods
- Data can be securely deleted in a way that makes it impossible to recover — for example, by overwriting it with random bits multiple times to make it difficult for data recovery tools to retrieve information.
- For physical storage devices like hard drives or SSDs, data purging can involve physically destroying the storage media — for example, by shredding or incineration.
- In some cases, data may not be deleted but rather marked as deleted in the file system. This leaves the data unreachable by normal means and allows it to be overwritten by new information. Until it is overwritten, however, this data is still recoverable.