The right of erasure – What does it mean to get “erased”?

Posted byGDPRsimple Leave a comment on The right of erasure – What does it mean to get “erased”?

The right to erasure, also known as the “right to be forgotten,” gives the individual the ability to have personal data erased when one of the following grounds applies:

  • The personal data are no longer necessary for the purposes for which they were collected and processed
  • The legal ground for the processing is consent and the individual has withdrawn his or her consent and there is no other legal ground for processing
  • The individual objects to the processing and there are no overriding legitimate grounds for the processing
  • The personal data have been unlawfully processed
  • A legal obligation requires erasure of the personal data
  • A child’s personal data were collected over the internet

A controller, who must erase personal data and who has made that personal data public, must take reasonable steps to inform controllers who are processing that personal data that the individual has requested erasure by them of any links to, or copy or reproduction of, that personal data. 

The obligation to erase and the obligation to inform other controllers does not apply where processing is necessary:

  • For exercising the right of freedom of expression and information
  • To comply with a legal obligation which requires processing or to perform a task carried out in the public interest or in the exercise of official authority
  • For reasons of public interest in the area of public health
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • To establish, exercise or defend legal claims

Any erasure must be disclosed to each recipient to whom the personal data have been disclosed, unless it is impossible or involves disproportionate effort.  The individual must be informed about those recipients if he or she so requests. 

This blog is the eighth in a series of blogs that describes and explains the eight individual rights set forth in the GDPR.  If you don’t want to wait until the next blog to learn more about the GDPR and the individual rights in the GDPR, take a look at GDPRsimple, http://www.keepgdprsimple.com, an automated web and mobile tool, that can help SMEs implement the GDPR and demonstrate their implementation.

Next blog:  What is the right to restrict processing?

Leave a comment

Your email address will not be published. Required fields are marked *