The right to erasure, also known as the right to be forgotten, can be seen as an extension of data minimization. Since this right applies especially to data you no longer have a lawful ground for processing for, you are not allowed to process this data anyway. When a data subject notices or suspects you are processing their data without a legitimate ground, they can invoke the right to erasure and request you to remove their data. In this article we will discuss the practical implications of this right.
Imagine the following situation: a customer asks you to delete some personal data regarding purchases they made ten years ago. Upon this request you will need to assess the relevance of the data, and whether you still have a legitimate ground for processing the data. Do you have a legal obligation to keep this data on file, is there any sort of warranty situation or any other legitimate ground for processing? If not, then you should indeed erase the data. The same goes for data the was processed based on the customer’s consent; if the consent is withdrawn, the data has to be removed. However, when the processing of the personal data is still legitimate, you do not have to honor the request.
When you find the data you process is indeed illegitimate, you will need to delete all records of these personal data. This is the responsibility of the data controller (the organization who uses the data for their own purposes). Not just from your own systems, drives and filing cabinets, but also the information you shared with any external parties should be erased. In any data processing agreements you enter into, clauses regarding the execution of the rights of data subjects should therefore be included.
Organizations should be prepared to receive requests for erasure of personal data. Do you have a clear overview of the personal data your organization processes? And do you know where these data are stored? Audittrail can help you with a critical analysis of the personal data your organization processes and where they are stored. Our Baseline Status Assessment gives you insight into your current position, and identifies where there is room for improvement. Our consultants can offer additional practical step-by-step roadmaps for overall compliance improvement. Feel free to reach out for more information.
