Software in regulated industries must comply with: (1) Auditability laws that require tamper-proof, long-term storage of event logs & (2) Privacy laws (GDPR) that require users’ personal data to be erasable on request.

Deleting data conflicts with the need for immutable audit trails — especially across backups and air-gapped storage.

Crypto-shredding is the solution to this dilemma. Instead of deleting data, systems encrypt sensitive information with user-specific, time-scoped keys and later make it unreadable by deleting those keys.

https://remotereason.com/blog/balancing-auditability-and-privacy-with-crypto-shredding