GDPR Right To Be Forgotten Explained

GDPR Right To Be Forgotten Explained

The “right to be forgotten”, or right to erasure, is the right afforded to data subjects to demand the erasure of their personal data, and organisations are obligated to take reasonable steps to remove the data without undue delay (and at the latest within one month of receiving the request) or risk having stiff penalties imposed upon them. It is one of the most well-known and debated elements of the General Data Protection Regulation (GDPR), stated in Article 17 of this new EU legislation.

To delve further, data subjects have the right to obtain erasure when one of the following requirements apply:

-The organisation that holds the data does not need the data any longer

-The data subject withdraws consent for the processing of their personal data and the data controller has no legal requirement to keep the data

-The data subject uses their right to object to the data processing (as stated in Article 21 of the GDPR)

-The data controller or processor is making use of the personal data illegally

-The data has to be erased for legal requirements

-The data subject was a child at the time the data was collected (refer to Article 8 for further details)

However, there are exceptions that would allow organisations to keep the data and overrule the right to erasure, if processing is necessary:

-For exercising the “right of freedom of expression and information”.

-For legal or compliance reasons

-For reasons of public interest in the area of public health

-For scientific, historical research, statistical or public interest archiving purposes

-For the establishment, exercise or defence of legal claims.

While erasure of data sounds like a simple request, implementing it in today’s sprawled data ecosystem is a complex endeavour to say the least. Every organisation will have different ways of storing data and make use of different technologies, so they will require a case by case assessment. But by and large, the regulation and its different elements are about ensuring that individual personal data is well-protected, and organisations are doing everything in their power to best serve the rights of the data subjects.

© Asia Online Publishing Group Sdn Bhd 2017
Powered by