Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.183 Delete sensitive data securely

This document contains the details of the security requirements related to definition and management of sensitive data in the organization. This requirement establishes the importance of removing sensitive data securely when they are no longer required to avoid information leakages.


The system must support the secure removal of sensitive data when they are no longer required, so that they can not be recovered.


Systems often store and delete sensitive information protected by government regulations. These regulations usually demand that data be removed after it is no longer required and that its deletion follow secure procedures that prevent it from being recovered.


  1. GDPR. Art. 5: Principles relating to processing of personal data.(1)(e). Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

  2. OWASP-ASVS v3.1-9.6 Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.

  3. OWASP-ASVS v3.1-9.11 Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.

Service status - Terms of Use