As head of the commercial team Luisa has a wealth of commercial law experience and advises clients…View Profile View all
What is the right to be forgotten?
Under the General Data Protection Regulation (GDPR), which came into force on 25 May 2018, individuals have the right to request that they be forgotten (also known as ‘erasure’) under certain circumstances. These include:
However, this is not an absolute right, and an individual’s right to be forgotten may not apply if there is a competing requirement for the data to be retained, such as if it is in the public interest to retain such personal data or if the personal data must be stored for a legal claim or defence.
What must I do if I receive a request?
If an individual requests that you remove their personal data from your records, and you consider that one of the exceptions does not apply, you must find and delete all instances of that individual’s personal data without undue delay and within one month of receipt. You must also tell organisations to whom you have disclosed the data. Questions to consider:
Forget it or be fined
In the event of non-compliance, your organisation may be liable to an administrative fine of up to an amount corresponding to 4% of the total annual global turnover for the previous year.
So, how do I prepare for the first request?
If you require any guidance in relation to GDPR, our commercial team would love to help you. Please contact them on 0113 849 4000.