Your right to erasure (Article 17)

right to erasure

What is the right to erasure?

In the GDPR, the right to deletion is also called the right to erasure, or “the right to be forgotten”

You can request your data to be deleted, if there is no legal basis to keep it (anymore) or if processing the data was illegal in the first place. Under the law, any company should automatically stop processing your data if there is no legal ground anymore – the right to erasure is basically a reminder for the company that they should take immediate action.

As the right to erasure only applies if data is processed unlawfully, you cannot just request erasure, but must first understand if the processing is legal. If you are not sure, nothing prevents you from requesting erasure to see if a company has a good argument why they can’t delete data.

Your request to deletion may be refused if:

  • The national law applicable provides exemptions. These exceptions are most commonly to be found in the field for law enforcement and police, national security, or taxation.
  • Keeping or using the data is necessary for the freedom of expression, information or public health reasons.
  • The data must be processed in order for the company to comply with a legal obligation (e.g. national tax laws).
  • Deleting the data would seriously impair or render processing of statistical, historical or scientific information impossible.
  • Keeping the data is necessary for taking or responding to a legal claim (that is already taking place at the time you make your request).

The company will have to demonstrate that an exception applies to your specific circumstances.

How can I exercise the right to deletion?

  • You can just send an informal message to the company or use a template
  • Specify which data should be deleted
  • You may want to request that the deletion is forwarded to anyone that company has shared your data with

What are the consequences of the right to deletion?

  • The data must be deleted

Typical Problems

  • Companies sometimes come up with different reasons why it is necessary to keep the data
  • It’s difficult to get proof if everything was deleted

Exercising your rights under the GDPR is simple and an informal email is sufficient in most cases. Still, there are some elements to keep in mind. Click here, if you are interested in helpful tips!