Erasure and Backups: Is Your Data Really Deleted?

What "deleted" usually means in practice

When an organisation acts on a right-to-erasure request under the UK GDPR (Article 17), most people picture every copy of their data disappearing in one clean sweep. The reality is more layered. Organisations typically hold your data in two broad places: live, active systems that staff use day to day, and backup copies kept in case those live systems fail or data is lost.

Erasing data from the live system is the part you usually notice — your record is removed from the database the organisation works in. Backups are different. They are snapshots taken at points in time, often stored separately and designed not to be edited, precisely so they remain a reliable safety net. Reaching into a backup to surgically remove one person's record can be technically difficult and can even undermine the integrity of the backup itself.

So when an organisation tells you your data has been deleted, it generally means it has been removed from active use. The backup copies may still exist for a period afterwards. This is general information, not legal advice.

Why backups are treated differently — the "beyond use" approach

The UK's data-protection regulator, the Information Commissioner's Office (ICO), recognises this practical difficulty. Its guidance accepts that where data is held in a backup, an organisation does not always have to delete it from that backup immediately to honour an erasure request. Instead, it can put the backup data "beyond use".

Putting data beyond use means the organisation isolates it so it is not used for any other purpose, protects it appropriately, and commits to deleting it when the backup is next refreshed or overwritten on its normal cycle. In other words, the backup copy is parked safely and left to expire as the backup ages out, rather than being reached into and edited. The ICO's position is that an organisation taking this approach can be considered to be meeting its erasure obligations, provided it does not bring that data back into active use in the meantime.

This is why a faithful answer to "is my data really deleted?" is often: yes from live systems now, and from backups within the organisation's backup retention period. The exact timing depends on how long that organisation keeps its backups before overwriting them.

• Live data: removed from the systems staff actively use, usually first.
• Backup data: isolated and put beyond use, then deleted as backups are overwritten.
• Beyond use means: not used for anything else, protected, and scheduled to expire.
• Timing: tied to the organisation's normal backup cycle, not the day you asked.

What you can reasonably expect, and ask

Knowing how backups work helps you set realistic expectations and frame a clearer request. If full erasure matters to you, it is reasonable to ask an organisation to confirm that your data has been removed from live systems and that any remaining backup copies have been put beyond use and will not be reused. Many organisations will explain their backup retention period if you ask.

It also helps to remember the limits of what anyone can promise. An organisation may lawfully keep some data even after an erasure request — for example where it has a legal obligation to retain certain records — and erasure does not apply in every situation. Because the decision and the technical reality both sit with whoever holds your data, no one can guarantee that every trace disappears on a particular date. A calm, specific request and a record of the reply put you in the strongest position.

OSINTA's role here is to help you understand your own footprint and frame and route your own requests; the choices remain yours at every step. If you are not satisfied with how an organisation handles your erasure request, you have the right to complain to the ICO. This is general information, not legal advice.

Frequently asked questions

Related terms

• Right to erasure
• Right to be forgotten
• GDPR (General Data Protection Regulation)
• Data controller