Deletion of Data: Does it have to be regulated in a SOP?

Recommendation
6/7 May 2025
Does there have to be a procedure in place for deleting data? Deleting GMP-relevant data is considered critical. The deletion of GMP-relevant data in a computerised system must be recorded by an audit trail. Annex 11 of the EU-GMP Guidelines states: "12.4 Management systems for data and for documents should be designed to record the identity of operators entering, changing, confirming or deleting data including date and time."
Basically, it must be possible to recognize who is deleting data within such systems. Deleting data endangers data integrity and is a critical step. Work steps must be described in standard operating procedures (SOPs):
Chapter 4 of the EU-GMP Guidelines - Required GMP Documentation: "Procedures: (Otherwise known as Standard Operating Procedures, or SOPs), give directions for performing certain operations."
Deleting data that is no longer required is allowed. Deletion is the last step in the data life cycle. Safe procedures must be established for the deletion of GMP data.
Data should normally only be deleted after the end of their retention period. There are very few exceptions as to when data may be deleted before the end of its retention period. This includes, for example, data that has been migrated to another system. The deletion of data must be described in detail in a relevant SOP.
Sources:
EU GMP Guide - Chapter 4
EU GMP Guide - Annex 11
Related GMP News
30.04.2025FDA Warning Letter on missing Audit Trails and Raw Data Review
23.04.2025New WHO Guideline Package: TRS 1060 published
16.04.2025EMA: QPs must provide a written final Assessment and Approval of Third-Party Audit Reports
15.04.2025Strategic Report published by the Critical Medicines Alliance
09.04.2025EMA's Plans for the next three Years
09.04.2025Q&A Document on QP Declaration updated