The “Right to Erasure”, also known as the “right to be forgotten”, is one of the eight data subject rights mandated by the General Data Protection Regulation (GDPR).
According to Article 17 of the GDPR, data subjects have the right to request the erasure of all personal data held about them by a data controller (an organisation who controls the purpose of and means by which one’s personal data is processed). The legislation goes on to say that, given certain grounds for erasure, the data controller must do so without “undue delay” and within one month of their receipt of the request.
Whether you want to take more control over your personal data, or are a business trying to achieve GDPR compliance, here’s what you need to know about the Right to Erasure.
While certain organisations are legally required to comply with these requests, they only need to do so under the following conditions:
Some common examples of these services are apps and websites such as social media, online shops, and streaming platforms.
The GDPR also notes the circumstances in which the Right to Erasure doesn’t apply, which includes:
The GDPR doesn’t specify a particular method or format to request the erasure of your personal data. Generally, one can simply contact the relevant data controller and provide a written or verbal request to have their information erased.
Depending on the organisation you’re dealing with, you may need to provide certain details such as personal identification, contact information, the reason why you want your data to be erased, and state which information specifically you’d like to be erased.