Deleting Vaults
Data within Safe4 is stored in vaults, which contain the folders, files, asset records and users that relate to the subject in question. In many cases these vaults contain specific references to living individuals, often with highly confidential personal content. When the client or data subject ceases to be associated with the provider for any reason, it is necessary for the content of these vaults to be permanently removed.
It has always been possible within Safe4 to make vaults Inactive. This facility is described in the Client Vault Management section of the Administration Guide. Inactive vaults can be re-activated by a provider user, and thus the requirements of GDPR are not met by this action.
GDPR Requirements
As for providers, described in the previous section of this Guide, it will be necessary for vaults to be completely removed when the provider has no reason to retain their contents. The Regulation identifies 6 reasons for retaining data relating to a living individual, of which consent and contract are the most commonly applied. However, in the event of a client leaving a provider and asking for their data to be removed, it is necessary for it to be completely deleted and thus placed beyond recovery.
A provider user that has been designated as a system administrator will be able to delete a client vault when required. From the provider home page a specific vault can be selected for deletion:
In this illustration the vault GDPR Compliance Structure is to be deleted. The Actions column to the right of the vault name now offers an additional option:
If this option is chosen, a warning message will be displayed:
After clicking the OK button, a second warning message will be shown:
As the message indicates, all of the content of the vault will be deleted, including folders, files, asset records and users. This action cannot be reversed.
After clicking the OK button a second time, the vault will be permanently removed and cannot be recovered:
