Hard vs Soft delete user data | Saksham Khandelwal

Hard vs Soft delete user data

Both have their known benefits and drawbacks. Let’s have a look what they are and why they need to be taken seriously.

Hard Delete

Using this hard delete alternative, all user’s related records are physically deleted from the database. So, once they are deleted, THEY ARE GONE FOR REAL ….. There is no way to get them back.

It might sound harsh, but this is aligned with the EU GDPR Right to be forgotten where user has the right to request their data to be removed from the system and the company where their data is kept, obliged to do so and may even face severe consequences if this request is not followed through.

Surely, we don’t want to get into trouble for not fulfilling the user’s right who asked for their data to be completely erased from our system. Examples of legal reason can be in the case of that user’s data is related to the financial/medical records in which companies have statutory obligations to keep these data for a certain number of years.

It seems like going hard delete is a sure thing. The issue is, deleting records from the database can create a havoc. This is because quite often then not, these users data are connected to different tables thus the deletion would mean breaking the connections. If there is no proper measure put in place, this will lead to a system crash.

Soft delete

To avoid the database nightmare caused by data deletion, often soft delete is chosen as an alternative. This is done by removing the reference to that particular user’s data and flag the record as deleted without physically removing it from the database.

This way, the system will still work as normal (well, as long as it is done properly), since the connection to the user table has been removed. However, there are potential issues to this option. Let’s face it. These so called “deleted” data still need to be kept somewhere, which lead to an increase of the storage space.

Another concern is related to security issues. Deleted data that are stored in our system are still part of the confidential users data that we need to protect. Therefore, before going down this path of soft delete, we need to think about it carefully.

Let's take an example of Facebook -

What happens to content (posts, pictures) that you delete from Facebook?

When you choose to delete something you shared on Facebook, Facebook remove it from the site. Some of this information is permanently deleted from their servers; however, some things can only be deleted when you permanently delete your account.

What happens if you permanently delete your Facebook account?

1. You won't be able to reactivate your account

2. Your profile, photos, posts, videos and everything else you've added will be permanently deleted. You won't be able to retrieve anything you've added.

But you can cancel your account deletion.

If it's been less than 30 days since you initiated the deletion, you can cancel your account deletion. After 30 days, your account and all of your information will be permanently deleted, and you won't be able to retrieve your information.

It may take up to 90 days from the beginning of the deletion process to delete all the things you've posted. While Facebook were deleting this information, it's not accessible to other people using Facebook.

Copies of your information may remain after the 90 days in backup storage that Facebook use to recover in the event of a disaster, software error or other data loss event. They may also keep your information for things such as legal issues, terms violations or harm prevention efforts.