Personal data erasure — trigger-driven with propagation
Primary statement
Personal data erasure per DPDPA Section 6 + DPDP.6 (consent withdrawal / purpose expiry / specified retention end) + ISO A.8.11 masking + A.8.12 DLP + A.7.14 secure disposal + ISO 27701 + SOC 2 P4.3. Erasure must propagate across primary stores, backups, processors, derived datasets.
Audit-fatigue payoff
A unified erasure programme — trigger-driven + propagation-tracked + processor-flow-down — satisfies erasure across all 4 contributing frameworks.
Strictness matrix
Scope
Scope: erasure on consent withdrawal OR purpose expiry OR specified retention end. Three triggers.
Ceiling source: dpdpa:DPDP.6
Rationale: DPDPA DPDP.6 three-trigger scope is comprehensive.
Threshold
Threshold: erasure unless retention legally required + propagation to backups, processors, derived datasets.
Ceiling source: dpdpa:DPDP.6
Rationale: DPDPA propagation threshold is binary.
Method
Method: trigger detection + automated workflow + processor flow-down + backup erasure or eventual purge + derived dataset purge + secure media disposal (ISO A.7.14).
Ceiling source: dpdpa:DPDP.6
Rationale: DPDPA DPDP.6 + ISO controls combined are most prescriptive.
Frequency
Trigger-driven per event. Erasure verification per event + periodic propagation audit.
Ceiling source: dpdpa:DPDP.6
Rationale: Trigger-driven is operational floor.
Evidence
Evidence: erasure procedure + trigger detection + propagation tracking + sample erasure traced across all systems.
Ceiling source: dpdpa:DPDP.6
Rationale: DPDPA evidence with propagation is comprehensive.
Auditor test pattern
Step 1: Inspect erasure procedure. Step 2: Sample one erasure; trace through all downstream systems. Step 3: Verify processor flow-down. Step 4: Verify backup erasure.
Common findings
Common findings: (1) Erasure primary-database deep only; (2) Processor flow-down absent; (3) Derived datasets not purged; (4) Backup purge untracked.