What is the Right to Erasure?
The Right to Erasure also known as the ‘Right to be Forgotten’, is a new right being introduced to individuals under the GDPR. The underlying principle of this right is that when there is no compelling reason for their data to be processed, the data subject can:
- Request the data controller erase/remove their personal data.
- Stop any further distribution of their personal data.
- Potentially stop third parties from processing their personal data.
When is the Right to Erasure applicable?
The Right to Erasure isn’t always applicable, with companies only needing to comply under certain circumstances. Individuals have the right to have their data erased and stopped processing:
- When the original purpose for the personal data is no longer necessary or the data itself is no longer necessary for the purpose.
- When the individual no longer consents.
- If the individual objects to their data being processed and there is no legitimate reason to override this objection.
- If the data being processed relates to the offer of information society services to a child.
- If the data is ever processed in breach of data protection regulations (i.e GDPR).
- There is a legal obligation to erase the data.
Why is the Right to Erasure important?
To consumers, this greatly increases the control they have over the distribution and expiration of their personal data compared to the previous Data Protection Act. Where previously they had to prove the processing was causing damage or distress, they now need to only fit into any of the above circumstances.
For organisations, there are several implications. The change increases their need for the ability to be able to:
- Prove the relevancy and need of all the data they hold.
- Identify and gather all the data relating to any one data subject if they do exercise their Right to Erasure.
- Make it quick and simple for individuals to request their data be erased.