Legal Hold –
Protection of legally relevant data

The Legal Hold function allows specific data and documents to be deliberately protected from deletion in situations such as litigation, audits, or internal investigations. Designated content remains unchanged, ensuring that statutory retention periods, compliance requirements, and international standards are reliably met.

Legal Hold and data deletion –
Legal certainty and data integrity in decommissioned legacy systems

With ViewBox, our specially developed research system for decommissioned legacy systems, we offer companies two core functions for archive management that is compliant with data protection law: Legal Hold and controlled data deletion. Both functions ensure legally sound handling of archived information, from protection and statutory retention through to audit compliant deletion.

Legal basis

Relevant legal bases:

GDPR
(Article 17(3) exceptions to the right to erasure)

The General Data Protection Regulation requires companies to erase personal data unless it is needed to comply with legal obligations or for the establishment, exercise, or defense of legal claims. The Legal Hold function ensures that such data is specifically protected and archived in an audit-compliant manner for as long as legally required.

German Commercial Code (HGB)
and Fiscal Code (AO)

Under the HGB and AO, business-relevant records—such as annual financial statements, accounting vouchers, and commercial correspondence—must be retained for up to ten years. The Legal Hold function prevents these data from being deleted inadvertently and ensures their complete, evidentiary availability for tax audits or legal proceedings.

Sarbanes-Oxley
Act (SOX)

The U.S. Sarbanes-Oxley Act requires internationally active and publicly listed companies to retain business and financial information over the long term in a traceable manner. With Legal Hold, these requirements can also be met in decommissioned legacy systems, since relevant data are reliably protected from deletion and remain accessible at any time.

eDiscovery requirements
(e.g. in the United States)

In many international legal systems, especially in the United States, companies are required to provide electronic evidence in a structured form during investigations or court proceedings. The Legal Hold function in ViewBox helps to preserve relevant data on a lasting basis and to meet legal requirements for transparency and traceability.

Data deletion –
secure, automated, and audit-compliant

Once statutory or internal retention periods have expired, ViewBox enables fully controlled deletion of archived data. The function can be automated, is fully logged, and guarantees compliant execution of deletion requirements.

Key benefits of the
deletion function:

Automation

Deletion processes can be configured to start automatically once the relevant retention period expires. This minimizes manual effort, saves time, and reduces the risk of human error.

Full audit trail

Every deletion is documented end to end, from identifying the data to the final confirmation of deletion. Companies can demonstrate at any time that they have fulfilled their deletion obligations in a compliant manner.

Compliance conformity

ViewBox helps companies reliably implement complex statutory and industry specific deletion requirements. Violations of data protection or retention obligations, along with potential fines or reputational damage, can be effectively avoided.

Legal framework
for data deletion:

GDPR
Article 17 Right to be Forgotten)

Personal data must be erased as soon as it is no longer required for the original purpose. ViewBox enables a secure and traceable implementation of this deletion obligation, including in legacy systems.

BDSG –
(Federal Data Protection Act)

The BDSG specifies the GDPR at the national level and requires, in particular, the secure deletion of personal data in IT systems. ViewBox ensures that this deletion is documented in an audit proof manner even in decommissioned or outsourced systems.

ISO
27001

The international standard for information security management requires defined processes for data deletion to ensure confidentiality, integrity, and traceability. ViewBox helps companies reliably implement these standards in the archiving domain.

Industry-specific deletion policies
(e.g., financial services, healthcare, energy)

In regulated industries, special requirements apply to the retention and deletion of data. With ViewBox, these sector-specific requirements can be met in a structured and automated way, even in complex legacy system environments.

Conclusion:

With its Legal Hold and controlled data deletion functions, ViewBox provides a comprehensive solution for the legally sound and audit-compliant handling of archived information in decommissioned legacy systems. Companies not only meet statutory requirements, they also reduce risk, safeguard data integrity, and strengthen their compliance structures in a sustainable and efficient way.

Legal Hold – Protection of legally relevant data

Legal Hold and data deletion – Legal certainty and data integrity in decommissioned legacy systems

Legal basis

GDPR (Article 17(3) exceptions to the right to erasure)

German Commercial Code (HGB) and Fiscal Code (AO)

Sarbanes-Oxley Act (SOX)

eDiscovery requirements (e.g. in the United States)

Data deletion – secure, automated, and audit-compliant

Key benefits of the deletion function:

Legal framework for data deletion:

GDPR Article 17 Right to be Forgotten)

BDSG – (Federal Data Protection Act)

ISO 27001

Industry-specific deletion policies (e.g., financial services, healthcare, energy)