Right to erasure (“right to be forgotten”)

The right to erasure, defined in Article 17 of the GDPR, grants data subjects the ability to request that the data controller delete their personal data under specific circumstances. This right is also commonly known as the “right to be forgotten” and aims to ensure that personal data is not retained longer than necessary and is removed in certain situations to protect the rights and freedoms of the data subject.

The six situations in which a data subject can exercise the right to erasure are:

  1. No longer needed for the original purpose (or retention period expired)
    The personal data is no longer necessary for the purposes for which it was collected or processed.
  2. Withdrawal of consent
    The data subject withdraws consent on which the processing is based, and there is no other legal ground for continuing the processing.
  3. Objection to processing
    The data subject objects to the processing, and there are no overriding legitimate grounds for continuing the processing.
  4. Unlawful processing
    The personal data has been unlawfully processed.
  5. Legal obligation
    The personal data must be erased to comply with a legal obligation under European Union or Member State law to which the data controller is subject.
  6. Minor’s data collected by information societies without parental consent
    Personal data of a minor under the age of 16 (the age established in Italy) was collected and/or processed by an information society service (e.g., online platforms, social media, apps, websites) without parental consent, in violation of Article 8(1) of the GDPR.

However, the right to erasure is not an absolute right and may be restricted in some situations. For example, the data controller may refuse to delete personal data if the processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest in public health, for archiving purposes in the public interest, or for the establishment, exercise, or defence of legal claims.

Trust Guardian’s approach to the right to erasure
Trust Guardian supports businesses in managing erasure requests by allowing centralized tracking of all requests received from data subjects in the Rights Management section. Data subjects can exercise their right to erasure of their data via myPrivacy.

Legal, ICT, marketing: comprendiamo le tue necessità

Vogliamo sollevarti dai grattacapi nella gestione di consensi e privacy dei clienti.

legal1 legal2

Come DPO, Legal & Compliance voglio gestire le contestazioni e recuperare prove e fatti
ict1 ict2

Come ICT voglio mettere ordine nei flussi di gestione della privacy dei clienti
marketer1 marketer2

Come Marketer voglio lavorare in tranquillità e sicurezza

Trust Guardian è perfetto per diversi casi d’uso

Ecommerce basket

Solutions for trade shows and events
Fidelity card

Solutions for Loyalty Cards
Stand

Solutions for Marketers
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.