Header


Why is the GDPR’s “right to be forgotten” important?

Why is the GDPR’s “right to be forgotten” important?

The General Data Protection Regulation (GDPR) is a set of rules established by the European Union (EU) to govern how personal information is collected, stored, and used by companies all over the world.

 

Since taking effect in May 2018, the GDPR has created a regulatory environment that protects the data rights of residents of the EU and the European Economic Area (EEA) while also catering to the best interests of businesses operating in the digital economy.

 

One of the pertinent provisions in the GDPR is the right to erasure, also known as the “right to be forgotten.” It is one of the eight rights listed and described in Chapter 3 of the GDPR.

 

What is the right to erasure?

 

In summary, individuals have the right to request the permanent removal of their personal information from a data controller’s records or databases. This way, the data may no longer be accessed, processed, and disseminated to other individuals or organizations.

 

Residents of the EU and the EEA can request erasure of their personal data through verbal or written means. While data erasure requests do not require any specific form, data owners, also referred to as data subjects, must be able to provide suitable proof of their identity.

 

Data controllers must comply with erasure requests immediately. If delays cannot be avoided, the data controller must provide the person requesting the erasure with sufficient information about the measures taken or any reason for the refusal of the request.

 

The data controller must also take reasonable measures to inform other organizations of the erasure. This applies to personal data that has been disclosed to other data controllers for processing, as well as to personal data that has been made public in online platforms, such as social networks, forums, or websites.

 

Why is it important for the GDPR to include the right to be forgotten?

 

Article 17 of the GDPR is the first time that the right to be forgotten was codified. This is significant because data erasure obligations expand the measure of control individuals and other entities have over their personal information.

 

When can EU and EEA residents request the erasure of personal information?

 

EU and EEA residents can justify their data erasure request based on the following circumstances, according to EU GDPR.org:

 

  • When the personal data is no longer needed for the purpose for which it was collected or processed.
  • When consent is withdrawn for the use of personal information.
  • When there are objections to the processing of personal data, and there are no overriding legitimate grounds to justify the continuation of the data processing.
  • When the processing of personal data is unlawful. (Chapter 2, Article 6 of the GDPR describes the principles that determine the lawfulness of any data processing activity.)
  • When the erasure complies with a legal obligation based on an EU member state law.
  • When the personal data is used to offer information society services to a child.

 

Can data erasure requests be denied or rejected?

Yes.

 

The right to erasure is not absolute or guaranteed when personal information is necessary for any of the following reasons:

 

  • To exercise the right of freedom of expression and information
  • To comply with a legal obligation which requires processing by Union or Member State law to which the controller is subject
  • To perform a task carried out in the public interest or in the exercise of official authority
  • To serve archiving purposes in the public interest, scientific research historical research, or statistical purposes
  • To establish, exercise, or defend legal claims

 

To learn more about the GDRP and how it affects your business, talk to FilePino. Call +1.806.553.6552 (USA) or +63.917.8922337 (Philippines), or send your inquiries here.