Skip to content

GDPR Article 17: Right to Erasure

Cat Coode 12/23/19 10:45 PM

Table of Contents

GDPR Article 17 is Right to Erasure (right to be forgotten).

Article 17: what it is 

This is where a user can disappear from a system.

Also known as the Right to Deletion or the Right to Be Forgotten, the data subject has the right to have their personal data removed from a company's databases and systems such that there is no way for any remaining data to identify them as an individual.

Why it is important for the Data Subject

In this digital world, every system and service that a data subject uses leaves behind a digital footprint. This footprint will include the data they have input themselves but may also include data about how they use the service as well as inferred data gathered from demographic assumptions or online connections. If a user wants to quit a system or service, they should be able to take all identifiable data with them.

What it means to the organization 

Data subjects will be able, at any time and free of cost, to ask to remove themselves from a system or service. Though they have the right to ask, there are legal exceptions to refuse due to the need to retain some or all of their personal data. If this is the case, it will need to be clearly outlined in the Privacy Policy.

If a user does request to be removed, the requirement is for Personally Identifiable Information (PII) only. Constructing the service or application in a way that decouples PII from other data will allow companies to continue to process and analyze non-personal data. This can be done by anonymizing the data and ensuring no combination of what is left can be used to identify a single person.

User data is accessed via the Data Subject Access Request process. Deletion will require its own process depending on need for approval and anonymization techniques.

Real world example 

A drugstore sells items online for home delivery. Users sign-in to make an account. The account includes basic personal details as well as their financial details, address, and purchase history. A user decides to leave the service and requests to be erased. The drugstore company finds enormous value in their purchase history in order to predict what other similar consumers may buy. They decide to design their system to keep purchase history connected to a unique identifier and then keep that identifier with the user’s personal information. Upon request for erasure, the company deletes the user’s personal information. They are left with the purchase history associated only to non-identifying information such as gender and age. There is no way to tie the purchase history back the user so they have effectively been removed.

Questions about GDPR and the Data Subject Rights? Check out our full article on GDPR or get started managing and automating GDPR requests.

Cat Coode