Right of deletion under the GDPR – How to respond

Data subjects have the right to request for their personal data to be deleted.

GDPR and right of deletion – Important considerations

  • Before you do anything, you need to verify the identify of the requestor
  • You should respond to the request within one month. We advise to acknowledge the deletion request asap. Where requests are complex or numerous, you are permitted to extend the deadline to three months while explaining why the extension is necessary.
  • If deletion is not supported by the software, consider data anonymisation.
  • Make sure not to overlook any systems. Personal data is often kept in both electronic and paper based correspondence. GDPRWise users you can consult the system section in your Dossier to make sure you do not overlook anything.
  • You should only delete the data that you are not legally required to keep in order to continue to meet your legal and contractual obligations! GDPRWise users can consult the retention period for the affected processing activities.

Compliance with data deletion requests – Free GDPR Templates:

Use the below templates to acknowledge and respond to the request.

 

Check other useful GDPR Templates