Understanding Right to Erasure
Overview
The right to erasure, also known as the "right to be forgotten," applies in specific circumstances.
Conditions for Erasure
- Personal Data No Longer Necessary: Data can be erased if it's no longer needed for the purpose it was collected or processed.
- Withdrawal of Consent: Erasure is applicable if consent, the lawful basis for processing, is withdrawn by the individual.
- Objection to Legitimate Interests: If an individual objects to processing based on legitimate interests, erasure may apply unless there's an overriding legitimate interest.
- Other Circumstances: Erasure applies in cases of direct marketing, processing of data for children, unlawful processing, or compliance with legal obligations.
Exceptions to Erasure
The right to erasure does not apply if data processing is necessary for:
- Freedom of expression and information
- Legal obligations or public tasks
- Archiving or scientific research
- Establishment, exercise, or defence of legal claims
For special category data, exceptions include processing for public health or preventive medicine.
Request Process
- Submission: Requests for erasure can be made verbally or in writing to any part of the organisation.
- Response Time: Organisations have 28 days to respond to requests.
Refusal of Request
Organisations can refuse to comply with a request if it's deemed manifestly unfounded or excessive. In such cases:
- A "reasonable fee" can be requested to process the request.
- Organisations must justify their decision if refusing to deal with the request.