erase personal information

Can you have your personal data erased?

November 23, 2022

What is the right to erasure?

The ‘right to be forgotten, or the right to erasure, gives individuals the power to request the elimination or removal of their personal data when there is no justifiable reason for its continued processing. This right is not always applicable and only applies in specific situations. For example, data controllers may decline to comply with an erasure request if the personal data is necessary for legal reasons or for the performance of a public interest task. Erasure requests can only be made by individuals contacting the data controller directly, either verbally or in writing. The data controller must then respond within one month unless they have evidence that complying with the request would be excessively difficult. If the data controller agrees to the individual’s request, they must do everything in their power to delete or remove the personal data in question. This might entail changing or destroying any copies of the data that they have on hand. Data controllers should also notify any third parties processing the individual’s personal data of their request for erasure. However, they are not required to take such steps if it would be excessively difficult or impossible to do so. The individual must be notified by the data controller that their personal data has been successfully erased once this has been completed.

When can you request the deletion of your personal data?

You can ask for your personal data to be deleted under the following circumstances: -If the personal data is no longer needed for the purposes it was collected or processed for; -If you revoke your consent for consent-based processing and there is no other legal justification for the processing; -If you oppose the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or if you oppose the processing in accordance with Article 21(2) GDPR; -If the personal data has been processed unlawfully; -If erasing the personal data is required in order to comply with a legal obligation under EU or national law; or -If the personal data was collected in relation to information society services offered in accordance with Article 8(1) GDPR. You can discover more information on when and how you can request the erasure of your personal data in our article “Can you have your personal data erased?”

How to make a request for the deletion of your personal data

You may request the deletion of your personal data if you believe that:

-The data is no longer needed for the original purpose it was collected/processed for.

-The data processing was done illegally.

-The data must be deleted to adhere to a legal obligation under European Union or national law.

-You have objected to the processing of your data, and there are no overriding legitimate grounds for the processing. The data has been collected with respect to the offer of information society services to a child. The data controller must take all reasonable steps to delete the requested data unless The processing of personal data is necessary for one of the following reasons:

-compliance with a legal obligation;

-protection of the public interest;

-preventative or occupational medicine;

-public health;

-archiving in the public interest, scientific or historical research purposes, or statistical purposes; or

-the exercise or defense of legal claims.

-processing is required for the task to be carried out in the public interest or with the official authority vested in the controller.

-processing is necessary in order to protect the vital interests of a natural person.

-processing refers to personal data that you have made public.

-processing is essential for bringing, pursuing, or defending legal claims.

You can reach out to the data controller directly to request deletion. If you make the request verbally, the data controller must send written confirmation within one month that they received your request and are taking action. If no action is taken within this time frame, they must give you an explanation as to why. If they don’t plan on taking action on your request, they must also tell you that you have the right to file a complaint with the supervisory authority and take legal action against them.

What are the data controller’s obligations when you make a request for deletion?

If you request that your personal data be erased, the data controller must take reasonable steps to verify your identity. They are not allowed to delete your personal data if they have any doubts about who you are. If they are satisfied that you are the individual the data pertains to, they must delete your personal data within one month of receiving your request. If handling your request would require a lot of effort, the data controller may extend the deletion period by two more months. They must let you know about any extension within one month of receiving your request, along with an explanation for the delay. If the data controller does not delete your personal data within the required timeframe, they must inform you of the reasons for the delay and when they expect to be able to comply with your request.

What if the data controller does not delete my personal data?

If the data controller doesn’t delete your personal data when they’re supposed to, you can file a complaint with the supervisory authority.

Can you have your personal data erased if it has been made public?

If personal data has been made public by the individual it relates to and if the conditions in Article 17(1) of the GDPR are met, then the organization controlling that data must take reasonable steps to tell any other organizations processing that data that the individual has asked for any links to, or copies or replication of, that data to be erased. This must be done taking into account available technology and implementation costs.

What if the data controller needs to keep my personal data for legal reasons?

The GDPR provides you with the right to have your personal data erased – this is also referred to as the ‘right to be forgotten. You can request the erasure of your personal data verbally or in writing. The data controller must take reasonable steps to verify your identity before erasing your personal data. The data controller must provide you with written confirmation of the erasure within one month if you make a verbal request. Your right to have your personal data erased is not absolute. The data controller can refuse to erase your personal data under certain circumstances. If the data controller has a legal obligation to keep your personal data, they can refuse your request. For example, if they need to keep your personal data in order to defend a legal claim or comply with a court order. The data controller may also deny your request if they need to keep your personal data for public interest reasons, such as scientific research or historical research.

What are the consequences of erasing personal data?

If you have your personal data erased, you will no longer be able to use the services that required that data. Erasing personal data is a serious matter, and should only be done if you are absolutely sure that you no longer want to use the service in question. Additionally, erasing personal data may have legal consequences. If you erase personal data that is subject to a legal obligation, you may be in violation of the law. Finally, erasing personal data may also cause problems for the service provider. If the service provider relies on personal data for billing or other purposes, erasing the data may cause problems.

How long does it take for the data controller to delete my personal data?

As stipulated by the GDPR, data controllers must take reasonable steps to delete personal data within one month of receiving a valid request. If the data controller is unable to comply with the request within that timeframe, they must inform the data subject of the reasons for the delay and the earliest date by which compliance will be possible. The data controller may deny a data subject’s request for erasure in specific situations, such as when processing is required for: The ability to express oneself freely and share information. -complying with a legal obligation; or -The legal process of making, pursuing or defending claims. If the data controller refuses the data subject’s request, they must also notify the individual of this decision. The data subject has the right to file a complaint with the supervisory authority and to seek judicial redress.

What happens if I change my mind after requesting the deletion of my personal data?

You are able to withdraw your request for the deletion of your personal data at any time within the timeframe specified in the GDPR. The data controller can be contacted in order to have your personal data restored. If you have requested that your personal data be deleted, the data controller will contact you within a reasonable timeframe to let you know that your request has been processed. You have the right to rescind your request at any time within the timeframe specified in the GDPR if you have requested the deletion of your personal data. If you withdraw your request, the data controller must take all reasonable steps to ensure that your personal data is restored. You can request that your personal data be restored by contacting the data controller.

Conclusion

You have the right to have your personal data erased and to be forgotten under certain circumstances. If you make a valid request, the data controller must take reasonable steps to erase your personal data. Data controllers must also take steps to ensure that personal data that has been erased is not processed further. The right to erasure is not absolute and there are some exceptions, such as if the processing is necessary for scientific research, historical research, or public health purposes. If your personal data has been processed unlawfully, you can also request that it be erased. You should get in touch with the data controller if you want your personal information to be deleted. Data controllers have to answer requests within one month. If your request is complicated or there are a lot of them, the data controller may take up to two more months to respond.

Catch up on more news from RPI!

A man is using a laptop with a red button on it.

Navigating Privacy Settings on Social Media Platforms

 December 12, 2023

Social media has become a ubiquitous aspect of daily life, making the management of privacy settings increasingly vital. This article…

Read More
A blue and white facebook logo on a black background.

Facebook’s Data Retention: What Happens After Account Deletion?

 December 6, 2023

Facebook, with its 2.85 billion users, is a major player in the digital world. Despite its popularity, concerns about data…

Read More
A smartphone featuring a fingerprint scanner for enhanced security.

Personal Data Removal from Mobile Devices: A Step-by-Step Guide

 November 27, 2023

Removing personal data from mobile devices is vital for privacy and security. Smartphones and tablets store extensive personal information; this…

Read More