General Data Protection Regulation (GDPR) applies to the EU citizens and the businesses who operate with them even if they are outside the EU in order to protect the privacy rights of the data subjects. The EU parliament adopted the right to be forgotten or the right to erasure in 2014 to give the individuals a right to a data erasure request from the companies. Complying with this law can, surely, be a burden on most organizations, therefore, an efficient data privacy tool like Ethyca makes compliance with GDPR a breeze.
If you’re interested in knowing the details regarding the right to be forgotten, this article will provide you with everything you need to know about it. Read below!
What Actually Is the Right to Be Forgotten
Article 17 of the GDPR states that the data subject has the right to get their personal data deleted by the controller (holder of the data) without undue delay, where applicable.
Here, an undue delay means that it shouldn’t take more than 1 month for the organization to get the personal data removed.
When Is the Right to Be Forgotten Applicable
The right to be forgotten is only “valid” when it fulfills one of the conditions listed below:
- The personal data of the subject was unlawfully processed by the holder.
- The data of the subject is outdated or irrelevant on the internet.
- The data was stolen and modified.
- The company is using the individual’s personal data merely for marketing purposes.
- The data that the holder originally collected no longer serves the primary purpose.
What Are the Exceptions to the Right to Be Forgotten?
The right to be forgotten doesn’t apply to the individuals in the following conditions:
- The data is essential for the health of the public.
- The data holds significance for scientific or historical research, so it should be made available to the public.
- The data is being used for a legal proceeding.
- The data must be made available to exercise the right of freedom of information and expression.
In addition to this, an organization can ask for a “reasonable” fee from the data subject or reject their request on the basis that the request is excessive or unfounded.
Right to Be Forgotten Request Template
The request for data erasure can be made verbally as well as in writing by the individual. The data subject is not obliged to request a specific authority in the company as they can make a request to any member of the company.
Therefore, it’s better to use a template to streamline the process and make alterations to it to meet the needs of your organization.
The Pros and Cons of Right to Be Forgotten
This law may be beneficial for individuals to protect their data privacy, however, it also has its concerns. The major pros and cons are jotted down below:
- The right to be forgotten allows you to get your information removed from a past upload.
- It gives you an opportunity to take a fresh start, and you can calmly apply to the jobs you want without fearing the judgment of information present on the internet.
- It helps you to maintain your personal and financial security.
- You may not always be able to get your request approved as the exceptions listed in the GDPR article 17 may outweigh it.
- It can limit the freedom of media and journalists.
- The right to be forgotten may lead to a lack of transparency on the critical information of individuals.