The General Data Protection Regulation (GDPR) introduced one of the most complex technical challenges for modern businesses: Article 17, the "Right to Erasure" (or Right to Be Forgotten).
This article establishes that, if a user requests it, you must delete all their personal data. But here arises the invisible problem: How do you delete data you sent via email six months ago?
If your support or sales team requests an ID photo, a credit card number, or a medical report via email, that data is replicated in:
- The employee's Sent folder.
- The customer's Inbox.
- The company's backup servers.
- The email provider's servers (Gmail, Outlook).
Cleaning up that trail is almost impossible. This is where GDPR compliant file sharing becomes critical. The solution is not to delete better, but not to retain the data in the first place.
The Automated "Right to Be Forgotten"
The GDPR's "Storage Limitation" principle dictates that data should not be kept longer than necessary.
Traditional tools (Email, Chat, standard WeTransfer) retain data until someone remembers to delete it. PII protection tools like Nurbak reverse this logic: the data has an expiration date by default.
By using self-destructing links, compliance with the "Right to Be Forgotten" is automatic:
- You don't need to search for the file to delete it; it no longer exists.
- If a customer asks to exercise their rights, you don't have to audit old emails from ex-employees.
Real Use Case: Sending Credit Cards Securely
A common scenario in travel agencies, hotels, or B2B services is the need to receive or send one-off payment data.
Typing a credit card number in an email or WhatsApp chat is a critical security (PCI-DSS) and privacy violation. If a hacker accesses that email years later, the data is still there.
How to do it with Nurbak (send credit card securely):
- The agent pastes the card details into Nurbak.
- Generates a link that can only be opened once.
- Sends the link to the booking system or provider.
- As soon as the provider views the data, the link is destroyed.
Result: The data traveled securely and disappeared immediately after use. There is no "digital waste".
Comparison: Email vs. Ephemeral Links (Nurbak)
For Data Protection Officers (DPO) and IT Managers, the risk difference is abysmal:
| Variable | Sending via Email / Chat | Sending via Nurbak |
|---|---|---|
| Data Retention | Indefinite (Years) | Ephemeral (Minutes/Hours) |
| Access Control | Recipient can forward it | One-time use (burns on read) |
| GDPR Compliance | High Risk (Hinders Art. 17) | Native Compliance (Storage Limitation) |
| Server Trace | Copies on multiple servers | RAM encryption & total wipe |
Why "Dataless Archives" are the Future
The best way to protect PII (Personally Identifiable Information) is not to have it.
Adopting a "sensitive data-free archives" policy means your company uses standard communication channels (like Slack or Email) only for notification ("Here is the information you requested"), but uses Nurbak for the actual transport of the sensitive data.
This turns your email infrastructure into a clean channel, free of toxic data that could generate millionaire fines in case of a security breach.
Conclusion
Don't let a forgotten email cost you a GDPR fine.
Implement the "Right to Be Forgotten" by design. Use Nurbak to send sensitive data that self-destructs automatically.