At a glance:
||The right to erasure enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.|
When should personal data be rectified, erased and restricted?
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
If the controllers have disclosed the personal data in question to third parties, then
they must inform them of the rectification where possible.
Controller must also inform the individuals about the third parties to whom the data has been disclosed where appropriate.
Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
|| the lawful basis for the processing is the data subject's consent, the data subject withdraws that consent, and no other lawful ground exists;|
||the data subject exercises the right to object, and the controller has no overriding grounds for continuing the processing;|
Data subjects have the right to restrict the processing of personal data where:
||the controller no longer needs the data for their original purpose, but the individual requires the data to establish, exercise or defend a legal claim.|
||the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or|
When should the controller not comply to the request for rectification and erasure?
For the establishment, exercise or defence of a legal claim.
||For the purpose of historical, statistical or scientific research;|
||For compliance with a legal obligation to process the personal data to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or|