Right to be forgotten which is also known as the Right to Erasure or Right to be Deleted is stated in GDPR. It refers to the right of individuals to have their personal data deleted.
The right to be forgotten, as used in Article 17 in GDPR, states that an individual can request and obtain the erasure of their data. The act must be done within approximately a month. However, this right is not ultimate. The right to be forgotten applies in specific situations, which include:
On the other hand, a company can refuse to delete an individual’s data for certain reasons that include:
All of the specific situations for both the compliance with the request and its refusal can be found in Article 17 in GDPR or on the official GDPR website.
Understanding the right is important for any business to assess whether the company must oblige or if it can refuse. If your company must oblige with the request of an individual, it is necessary that the data subject is verified and her data located. Moreover, if your company refuses, it must be able to prove what the data is used for and when and how it was collected. In both cases, your company needs to have an audit trail running smoothly.
A good consent audit trail can ensure your company has evidence to prove consent choices of collected personal data. An audit trail paired with a well-written privacy policy can help your company avoid a lot of trouble and help your company develop trust towards your customers.
Find out more about how Openli can help you become GDPR compliant here.
Learn more about Privacy Hub →