Skip to content

Definition: Right to be Forgotten / Data Erasure (GDPR)

The Right to be Forgotten, formally known as the Right to Erasure under GDPR (Article 17), entitles an individual (data subject) to request that an organization (data controller) delete their personal data without undue delay under specific circumstances.

Key Aspects:

  • Conditions for Erasure: Applicable grounds include situations where the data is no longer necessary for the purpose it was collected, the individual withdraws consent (if consent was the legal basis), the individual objects and there are no overriding legitimate grounds, the data was unlawfully processed, or deletion is required for legal compliance.
  • Obligations: Requires the data controller to erase the personal data, take reasonable steps to inform other controllers processing the data about the erasure request, and potentially cease further dissemination.
  • Impact: Necessitates robust data management capabilities to identify, locate, and securely delete specific individual data across various systems, including active databases and archives. Features like MARS HSS Repack (data deletion capability - p41) can assist in fulfilling these requirements within archived data.