Right of deletion under the GDPR – How to respond
Data subjects have the right to request for their personal data to be deleted.
GDPR and right of deletion – Important considerations
- Before you do anything, you need to verify the identity of the requestor
- You should respond to the request within one month. We advise you to acknowledge the deletion request asap. Where requests are complex or numerous, the deadline can be extended to three months while explaining why the extension is necessary.
- If software doesn’t support the deletion, consider data anonymisation.
- Make sure not to overlook any systems. Personal data is often kept in both electronic and paper based correspondence. As a GDPRWise users, you can consult the system section in your Dossier to make sure you do not overlook anything.
- That is to say, you should only delete the data that you are not legally required to keep in order to continue to meet your legal and contractual obligations! GDPRWise users can consult the retention period for the affected processing activities.
Compliance with data deletion requests – Free GDPR Templates:
Use the below templates to acknowledge and respond to the request.
Check other useful GDPR Templates