Written by Laura Edwards. Published on Fresh Business Thinking.
GDPR will be implemented in 2018. The EU has created this policy to be up to date for the digital age and put individuals back in control of their personal data. One specific part of GDPR is the right to erasure, also known as the right to be forgotten. This means that individuals will be able to request the removal of their personal data regardless of the reason.
Where does this apply?
The implementation of GDPR and the right to erasure will give people a lot more power and rights over their data, however, this doesn’t actually mean an absolute right to be forgotten. Individuals will have the right only in certain circumstances.
Specific circumstances include:
For example, purposes such as, complying with legal obligations, public health purposes and to exercise the right of freedom of expression and information. A case by case assessment will be needed to consider the type of information, the sensitivity of the individual’s private life and public interest in having access to the information.
Children will also be affected by the GDPR law as there will be extra requirements due to the enhanced focus on protection of personal data online. If data is processed on children, when consent had been given previously, and the children request the right to erasure at a later date, then this requires special attention, because children may not have been aware of the risks when initially consenting.
Overall, organisations must accept that personal data rights will be changed to give more rights back to the individuals as opposed to the data controllers. The right to erasure will mean that organisations will need to create a simple process for individuals requesting a right to erasure.
Written by Laura Edwards.