The General Data Protection Regulation (GDPR) is a set of rules established by the European Union (EU) to govern how personal information is collected, stored, and used by companies all over the world.
Since taking effect in May 2018, the GDPR has created a regulatory environment that protects the data rights of residents of the EU and the European Economic Area (EEA) while also catering to the best interests of businesses operating in the digital economy.
One of the pertinent provisions in the GDPR is the right to erasure, also known as the “right to be forgotten.” It is one of the eight rights listed and described in Chapter 3 of the GDPR.
What is the right to erasure?
In summary, individuals have the right to request the permanent removal of their personal information from a data controller’s records or databases. This way, the data may no longer be accessed, processed, and disseminated to other individuals or organizations.
Residents of the EU and the EEA can request erasure of their personal data through verbal or written means. While data erasure requests do not require any specific form, data owners, also referred to as data subjects, must be able to provide suitable proof of their identity.
Data controllers must comply with erasure requests immediately. If delays cannot be avoided, the data controller must provide the person requesting the erasure with sufficient information about the measures taken or any reason for the refusal of the request.
The data controller must also take reasonable measures to inform other organizations of the erasure. This applies to personal data that has been disclosed to other data controllers for processing, as well as to personal data that has been made public in online platforms, such as social networks, forums, or websites.
Why is it important for the GDPR to include the right to be forgotten?
Article 17 of the GDPR is the first time that the right to be forgotten was codified. This is significant because data erasure obligations expand the measure of control individuals and other entities have over their personal information.
When can EU and EEA residents request the erasure of personal information?
EU and EEA residents can justify their data erasure request based on the following circumstances, according to EU GDPR.org:
Can data erasure requests be denied or rejected?
The right to erasure is not absolute or guaranteed when personal information is necessary for any of the following reasons:
To learn more about the GDRP and how it affects your business, talk to FilePino. Call +1.806.553.6552 (USA) or +63.917.8922337 (Philippines), or send your inquiries here.