Right to be forgotten article 17 is protected under the General Data Protection Regulation. This aims to provide greater data protection to all individuals.
A right to be forgotten request can be a really powerful way to remove negative personal information. It is very easy to submit a request. Further, a company is required to reply within 30 days of submitting the request. Therefore, it is a quick and efficient way of removing negative information.
In this article, we provide an in-depth guide on the right to be forgotten article 17.
Contents
Right To Be Forgotten Article 17: Overview
Right to be forgotten article 17 provides individuals with the right to control their personal information. An individual can submit a request under the right to be forgotten for permanent removal of their information.
In order to exercise the right to be forgotten, you need to submit an oral or written request to the company which is stored, processed, or distributed your data. This request can also be made to an employee of the company.
Right To Be Forgotten Article 17: Necessary Conditions
Right to be forgotten article 17 provides certain conditions in which the right is available. These conditions are limited to make sure that the right is not abused. This includes the following:
- The information was collected without the consent of the data subject.
- The information was collected and processed with the consent of the data subject, but she has now withdrawn it.
- The information was collected in an illegal or unlawful manner.
- The information was collected for a particular purpose, and it no longer serves that purpose.
- There is no overriding legitimate purpose for continuing the processing of the information.
- The information needs to be removed in order to comply with the law.
Article 17 also provides certain exceptions when a company does not need to delete personal information. This is done to balance the rights of the companies with the rights of the individuals. The exceptions are listed below:
- The information is being shared in an exercise of the companies’ right to freedom of speech and expression.
- The information is being used to develop a legal defense.
- For some sensitive information, it is necessary for scientific and medical development.
- The information is being shared to comply with the law or the legal order.
- Sharing the information is in the interest of the public.
If any of the conditions are met, then the company has a right to refuse the removal of information.
Right To Be Forgotten Article 17: Sample Request
There is no standard way of submitting a right to be forgotten article 17 request. This is done to ensure that there is enough flexibility in the process. It protects the data subjects and gives them a better opportunity of submitting requests.
All you need to do is be mindful of some important information. There is just includes the basic details so that the company has all the necessary information before making a decision.
This includes the following:
- The name and personal details of the person submitting the request. This also includes proof of identity and proof of address.
- The name and personal details of the data subject along with a proof of identity and proof of address.
- The specific details of the information need to be removed.
- The reason for which a request is submitted.
This will provide all the basic information regarding the data subject, the information as well as the reason for requesting removal.
FAQ
-
What is right to be forgotten article 17?
Right to be forgotten article 17 is a data protection right. An individual can submit a request for the removal of her personal information.
-
Does a company have the right to be forgotten?
No. As per the General Data Protection Regulation, the right to be forgotten is only available to individuals and not companies or organizations.
-
What does “personal data” include?
Personal data includes information such as your contact details, address, criminal history, etc.
-
How is a right to be forgotten request processed?
Once you submit a request, it needs to be processed within 30 days. Every company has a different mechanism for doing this. The GDPR does not prescribe any strict steps.