DSAR / erasure process for AI in scope
Demonstrate that the organization maintains documented, executable procedures to identify, retrieve, and erase personal data from AI systems in response to data subject requests, and that these procedures are tested and verifiably effective.
Description
What this control does
This control ensures that Data Subject Access Request (DSAR) and erasure processes explicitly account for personal data processed by or embedded within AI systems, including training datasets, model weights, embeddings, vector stores, and inference logs. When a data subject requests deletion under GDPR Article 17 or similar regulations, the organization must identify all AI components that contain or were trained on the subject's data, execute technical erasure or anonymization procedures, and validate that residual data does not persist in deployed models or cached outputs. This is critical because AI systems can retain personal data in non-obvious locations such as learned patterns, fine-tuned layers, or prompt histories that traditional deletion workflows may overlook.
Control objective
What auditing this proves
Demonstrate that the organization maintains documented, executable procedures to identify, retrieve, and erase personal data from AI systems in response to data subject requests, and that these procedures are tested and verifiably effective.
Associated risks
Risks this control addresses
- Failure to remove personal data from training datasets, resulting in models being retrained on data that should have been deleted and perpetuating privacy violations
- Retention of data subject information in model embeddings, vector databases, or latent representations that are not addressed by standard deletion scripts
- Incomplete erasure due to lack of inventory mapping between data subjects and AI systems that processed their data, leaving residual personal information in production models
- Regulatory penalties and legal liability from demonstrable non-compliance with GDPR Article 17, CCPA deletion rights, or other jurisdictional erasure obligations
- Reputational harm and loss of user trust when deleted data is discovered in model outputs, chat logs, or recommendation systems after purported erasure
- Data re-identification risk when anonymization procedures for AI systems are insufficient, allowing deleted subjects to be inferred from model behavior or auxiliary data
- Operational disruption and model retraining costs when erasure requests are processed inefficiently or require emergency patches to production AI systems
Testing procedure
How an auditor verifies this control
- Obtain the organization's DSAR and erasure policy documentation, and confirm it explicitly addresses AI systems including training data, models, embeddings, and inference logs.
- Request an inventory or data flow map that identifies which AI systems process personal data, the data sources feeding them, and the locations where subject data may persist (datasets, model artifacts, vector stores, caches).
- Select a sample of recent DSAR/erasure requests (minimum three from the past 12 months) and trace the execution workflow, verifying that AI systems were assessed as part of the request fulfillment.
- For one completed erasure request, examine technical logs or change records demonstrating specific actions taken: dataset row deletion, model retraining or pruning, vector store updates, and cache purges.
- Interview the data protection officer or responsible technical staff to confirm the procedure for determining whether a model must be retrained, fine-tuned, or unlearned when subject data is removed from training sets.
- Review testing or validation evidence showing the organization verified erasure effectiveness, such as search queries against vector databases, model output sampling, or data lineage audits post-deletion.
- Examine any documented limitations or exceptions (e.g., aggregated analytics, backups, legal holds) and verify these are disclosed to data subjects and align with regulatory exemptions.
- Verify that the erasure process includes a defined timeline for completion and a mechanism to notify the data subject once AI-related data has been purged.
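The following is an added example, not part of the control text and not any organization's actual tooling. It shows the mechanics behind the description above and the evidence an auditor asks for in the "specific actions taken" and "verified erasure effectiveness" steps: an inventory that maps stores and model artifacts, a keyed-deletion pass of the kind a traditional DSAR workflow runs, a residual-data search that also scans free-text fields (here an output cache keyed by prompt hash, where the subject is only visible in the response text), and an erasure record that flags models trained on the touched dataset for retraining or unlearning. All store names, record ids, timestamps and the model name are constructed sample values.

```python
"""Worked DSAR erasure and verification across AI data stores (added example, constructed data)."""

# Constructed data subject: a stable id plus the identifiers that may appear in free text.
SUBJECT = {"subject_id": "u-1042", "identifiers": ["alice@example.com", "Alice Example"]}

# Hypothetical inventory: which stores are keyed by subject_id, which only carry
# free text, and which model artifacts were trained from which dataset.
INVENTORY = {
    "keyed_stores": ["training_dataset", "vector_store", "inference_log"],
    "text_stores": ["output_cache"],
    "models": {"support-assistant-v3": {"trained_on": "training_dataset"}},
}


def build_sample_stores():
    """Constructed in-memory stores standing in for the systems in the inventory."""
    return {
        "training_dataset": {
            "row-1": {"subject_id": "u-1042", "text": "alice@example.com asked about refunds"},
            "row-2": {"subject_id": "u-2001", "text": "bob@example.com asked about shipping"},
        },
        "vector_store": {
            "vec-1": {"embedding": [0.1, 0.2], "metadata": {"subject_id": "u-1042"}},
            "vec-2": {"embedding": [0.3, 0.4], "metadata": {"subject_id": "u-2001"}},
        },
        "inference_log": {
            "log-1": {"ts": "2024-05-01T10:00:00Z", "subject_id": "u-1042", "prompt": "my order"},
            "log-2": {"ts": "2024-05-02T11:00:00Z", "subject_id": "u-2001", "prompt": "track parcel"},
        },
        # Cache keyed by prompt hash: no subject_id field, the subject is only in the text.
        "output_cache": {
            "h-9f1": {"response": "Sure Alice Example, your refund is on its way"},
            "h-3c2": {"response": "Parcel arrives Tuesday"},
        },
    }


def _mentions(text, identifiers):
    low = text.lower()
    return any(ident.lower() in low for ident in identifiers)


def find_residual(stores, subject):
    """Return (store, record_id) pairs that still reference the subject by key or by text."""
    sid, idents = subject["subject_id"], subject["identifiers"]
    hits = []
    for name in INVENTORY["keyed_stores"] + INVENTORY["text_stores"]:
        for key, rec in stores[name].items():
            meta = rec.get("metadata", rec)  # vector records keep subject_id under metadata
            text = " ".join(v for v in rec.values() if isinstance(v, str))
            if meta.get("subject_id") == sid or _mentions(text, idents):
                hits.append((name, key))
    return hits


def erase_by_key_only(stores, subject):
    """Traditional deletion workflow: remove only records keyed by subject_id."""
    sid, removed = subject["subject_id"], []
    for name in INVENTORY["keyed_stores"]:
        for key, rec in list(stores[name].items()):
            if rec.get("metadata", rec).get("subject_id") == sid:
                del stores[name][key]
                removed.append((name, key))
    return removed


def erase_subject(stores, subject):
    """Full erasure: delete keyed and free-text references, flag affected models, re-verify."""
    actions, touched = [], set()
    for name, key in find_residual(stores, subject):
        del stores[name][key]
        actions.append(("delete", name, key))
        touched.add(name)
    # Any model trained on a store we modified must be retrained or unlearned;
    # deleting dataset rows alone does not remove what the weights already encode.
    for model, info in INVENTORY["models"].items():
        if info["trained_on"] in touched:
            actions.append(("retrain_or_unlearn", model, None))
    return {
        "subject_id": subject["subject_id"],
        "actions": actions,
        "residual_after": find_residual(stores, subject),  # evidence for the auditor
    }


if __name__ == "__main__":
    stores = build_sample_stores()
    erase_by_key_only(stores, SUBJECT)
    print("residual after key-only deletion:", find_residual(stores, SUBJECT))
    stores = build_sample_stores()
    print("full erasure record:", erase_subject(stores, SUBJECT))
```

Running the key-only pass first shows why the control insists on verification: the training row, the vector and the inference log entry disappear, but the cached response still names the subject, which only a content-aware residual search catches. The erasure record returned by `erase_subject` is the kind of artifact the testing procedure asks for: a list of concrete actions per store, an explicit retrain-or-unlearn decision for the model trained on the touched dataset, and a post-deletion residual check that came back empty.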
Where this control is tested