Apologies for the delay in replying. We have been discussing how we might accommodate this request, however we feel that there is not a need for a specific function to handle the deletion of personal data, due to how GDPR interacts with the medical sector and ‘The Right to be forgotten’.
Please see this excerpt from the ICO regarding Medical/Healthcare Organisations:-
How are medical and dental records affected by the right to erasure?
There is no absolute ‘right to be forgotten’.
People can ask for their personal data to be erased – but only when there is no compelling reason for its continued processing.
Requests will have to be assessed on their own merits. However, care providers, for example, will likely have a very good reason for processing much of the personal data they hold for the purposes of providing medical care.
More information from this article can be found here:- https://ico.org.uk/for-organisations/health/health-gdpr-faqs/
In light of this we feel that the need for the deletion of personal data would be a rare event if at all, and therefore to manually ‘X’ any personal information on records that call for this on occasion is what we are recommending for now.
Future development will include functionality to erase all identifiable data, but for now, we feel this is sufficient.