Deletion of Data: Does it have to be regulated in a SOP?

Does there have to be a procedure in place for deleting data? Deleting GMP-relevant data is considered critical. The deletion of GMP-relevant data in a computerised system must be recorded by an audit trail. Annex 11 of the EU-GMP Guidelines states: "12.4  Management  systems  for  data  and  for  documents  should  be  designed  to  record  the  identity of operators entering, changing, confirming or deleting data including date and time."

Basically, it must be possible to recognize who is deleting data within such systems. Deleting data endangers data integrity and is a critical step. Work steps must be described in standard operating procedures (SOPs):

Chapter 4 of the EU-GMP Guidelines - Required GMP Documentation: "Procedures: (Otherwise known as Standard Operating Procedures, or SOPs), give directions for performing certain operations."

Deleting data that is no longer required is allowed. Deletion is the last step in the data life cycle. Safe procedures must be established for the deletion of GMP data.

Data should normally only be deleted after the end of their retention period. There are very few exceptions as to when data may be deleted before the end of its retention period. This includes, for example, data that has been migrated to another system. The deletion of data must be described in detail in a relevant SOP.

Sources:
EU GMP Guide - Chapter 4

EU GMP Guide - Annex 11