Right to be Forgotten

Right to be forgotten is individual’s (data subject’s) right to demand companies to erase or anonymise their personal data (this is called “right to be forgotten” or “right for erasure” in GDPR terms).

According to GDPR, “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”. “Undue delay” should be understood as the latest within one month of receipt of the request for erasure or receiving identity verification or a fee, if such can be applied.

The data subject has the right to have their personal data erased if:

  • The personal data is no longer necessary for the original purpose of collection or processing.
  • The company is relying on a data subject’s consent as the legal basis for processing the data and that individual withdraws their consent.
  • The company is relying on legitimate interest as its legal basis, the data subject objects to this processing, and there is no overriding legitimate interest for the organisation to continue with the processing.
  • The company is processing personal data for direct marketing purposes and the data subject objects to this processing.
  • The company processed a data subject’s personal data unlawfully.
  • The company must erase personal data in order to comply with a lawful obligation.

However, a right to process someone’s data might override their right to be forgotten in the following situations:

  • The data is being used to exercise the right of freedom of expression and information.
  • The data is being used to comply with a lawful obligation.
  • The data is being used to perform a task that is being carried out in vital or public interest.
  • The data is being used for the establishment of legal defence or in the exercise of other legal claims.
Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »

Zpracovává vaše společnost osobní údaje?


Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje

 

Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 


Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?


Kas teie ettevõte kogub ja töötleb isikuandmeid?


Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?


Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data