GDPR and HIPAA redaction: what "redacted" has to mean for compliance
Under GDPR and HIPAA, a redaction that merely covers the data is still a disclosure — and, if it's found, a reportable breach. Here's what proper redaction actually requires, and how to check it held.
In a compliance context, redaction isn't a formatting choice — it's the line between a lawful disclosure and a breach. And the failure mode is exactly the same one that trips everyone else up: covering data instead of removing it. If the personal data or health information is still present in the file, it hasn't been redacted. It's been disclosed with a black rectangle on top.
GDPR: covered data is still personal data
Under the GDPR, information only leaves scope when it is genuinely anonymised — when the individual can no longer be identified from it. Black bars over live text don't anonymise anything; the data is still there and still recoverable, so it's still personal data and still your responsibility.
This bites most often in two places:
- Subject access requests (DSARs). You frequently have to disclose a record while redacting the personal data of third parties in it. If those redactions can be lifted, you've disclosed someone else's personal data.
- Breach notification. A failed redaction that exposes personal data is a personal data breach — which can carry a notification obligation (in many cases within 72 hours) and regulatory consequences.
HIPAA: PHI has to actually be gone
For protected health information, HIPAA's de-identification standard recognises two routes: Safe Harbor (removing the 18 specified identifiers — names, dates, contact details, record numbers, and so on) or Expert Determination. Either way, the identifiers have to be removed. A redaction that leaves the underlying text recoverable hasn't removed anything, so the PHI is still disclosed — an impermissible disclosure that can trigger breach notification.
What compliant redaction requires
- Remove, don't cover. The content must be gone from the file — not selectable, searchable, or retrievable by OCR or inspecting the file's structure.
- Deal with the hidden layers. Metadata, tracked changes, comments and hidden text carry identifiers too. Strip them.
- Verify every output. Copy-paste the redacted zones, OCR the file, and confirm nothing survives. Make it a routine step, not a spot check.
- Control who processes the data. If you send documents to a third-party service to redact them, you've shared personal data or PHI with a processor — which generally needs the right contractual footing (a GDPR processor agreement, or a HIPAA Business Associate Agreement) and adds a place the data can be exposed.
- Keep it demonstrable. Being able to show how a document was handled matters as much as the redaction itself.
The processing question people miss
Redaction increasingly involves AI to find the identifiers — and that usually means sending the text to someone else's servers, which is precisely the kind of third-party exposure the rules care about. Two design choices reduce that exposure:
- Process on the user's device. If the file is redacted locally, no copy sits on an external server to be logged or retained.
- Run the sensitive step in a verified enclave. When text does need to be analysed by AI, running it inside confidential-computing hardware (an AMD SEV-SNP enclave) means the operator and cloud host can't see it — and the enclave's attestation can be checked, so "it stayed private" is verifiable rather than assumed.
Private Redaction is built this way: the file is redacted in your browser and never uploaded, and the AI detection step runs in a verified private enclave with a downloadable attestation you can check independently. That reduces the third-party-exposure surface compared with a tool that ships your document to a server.
Be clear about what that does and doesn't do. Reducing exposure is not the same as making you compliant. Automated detection can miss an identifier, so you must review the output. Using the tool is not a substitute for your own compliance programme, and it does not by itself provide a Business Associate Agreement or a processor contract. For anything regulated, treat it as one control among several, and get advice specific to your obligations.
Takeaways
- Covered data is still disclosed data — and under GDPR/HIPAA a failed redaction can be a reportable breach.
- Compliant redaction means the content is removed and unrecoverable, including metadata and hidden layers.
- Where the data is processed matters: local + verifiable-private processing reduces third-party exposure.
- Always verify the output, keep records, and get advice for your specific obligations — no tool makes you compliant on its own.
Private Redaction keeps your file on your device and runs the AI step in a verified private enclave, with a downloadable attestation receipt. Free, in your browser. Review the output before relying on it — it's a tool, not legal advice.