Proving deletion is kinda like proving a negative, I've been there.
Things that may help:
* A method statement (procedure) for creation and deletion.
* Careful screenshots of the above for sensitive datasets including the 'after' state, e.g. trying to access old data getting an error.
* Signed statements by the people doing the above that they actually did the above in good faith and had it cross-checked by someone senior.
* Possibly stamp it so someone has liability if wrong.
I've used a letter of attestation with a sample of log metadata from the logs that action was taken against, and the command executed, as evidence of this.
You can't prove a negative. How would you do it for an on-prem scenario?
My assumption is that this is not _really_ a technical question and is instead more of an accounting question. My assumption is that you'd have to come up with documentation showing everywhere their data goes within your system then you basically "super promise" (usually in the form of a legal contract) that you do delete it in all those places, and you _also_ create a record of those deletion mechanisms (e.g. recording the DELETE HTTP request you make to the S3 REST API).
That basic approach (promise in contract then record your efforts to comply) is the approach I've seen taken for e.g. CCPA-style compliance mechanisms.
Note though that what I've described isn't necessarily exactly a fit for your problem domain; nor is my description complete (e.g. if you only do what I just listed, you may have a very angry client). Just thinking out loud here.
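An added example, not part of any comment in this thread: one way to keep the record of deletion mechanisms described above, pairing each DELETE with the 'after' state check and chaining entries by hash so later edits to the record are detectable. The function names, field names, status-code policy and sample values are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first entry's "prev"

def _digest(entry):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def record_deletion(log, operator, reviewer, resource, delete_status, after_status, timestamp):
    """Append one entry: the DELETE that was issued and the 'after' state observed."""
    entry = {
        "timestamp": timestamp,
        "operator": operator,   # who ran the deletion
        "reviewer": reviewer,   # who cross-checked it
        "request": {"method": "DELETE", "resource": resource, "status": delete_status},
        "after_check": {"method": "GET", "resource": resource, "status": after_status},
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """Return a list of problems; an empty list means the chain is intact
    and every deletion was acknowledged and confirmed by the after-check."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(body) != entry["hash"]:
            problems.append(f"entry {i}: hash chain broken")
        if entry["request"]["status"] not in (200, 204):
            problems.append(f"entry {i}: DELETE not acknowledged")
        if entry["after_check"]["status"] != 404:  # assumed policy: only 404 counts
            problems.append(f"entry {i}: object still readable after deletion")
        prev = entry["hash"]
    return problems

def build_sample_log():
    # Constructed sample data: operators, paths and timestamps are illustrative.
    log = []
    record_deletion(log, "alice", "bob", "example-bucket/client-a/export.csv",
                    204, 404, "2024-01-01T10:00:00Z")
    record_deletion(log, "alice", "bob", "example-bucket/client-a/backup.tar",
                    204, 200, "2024-01-01T10:05:00Z")  # after-check still succeeds
    return log
```

The chain only shows that entries were not altered after the fact; quoting the final entry's hash in the signed attestation is what ties the record to a person.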