🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 17 of the GDPR: Right to erasure ("right to be forgotten")

Home GDPR articles decrypted Article 17 of the GDPR: Right to erasure ("right to be forgotten")

Article 17 of the GDPR introduces the right to erasure, also known as the "right to be forgotten". It allows any data subject to request the deletion of their personal data in certain specific situations.

Article 17 of the GDPR explained

The data subject may obtain erasure of his or her data without delay if:

  • The data is no longer necessary for the purposes of the processing;
  • She withdraws her consent (and no other legal basis justifies the processing);
  • She objects to the processing and there is no compelling legitimate reason;
  • The data has been subject to unlawful processing;
  • The data must be deleted to comply with a legal obligation;
  • The data was collected as part of offering services to a child.

The data controller must also take reasonable steps to inform third parties with access to this data of the erasure request.

Why is this article important for your GDPR compliance?

Article 17 is an emblematic right of the GDPR. It guarantees individuals a strengthened control power on their personal data. Failure to comply may result in complaints to the CNIL and significant administrative sanctions.

How to comply with Article 17 of the GDPR?

  • Set one up procedure for processing erasure requests.
  • Check that you can identify and delete data across all your systems (including backups, archives).
  • Keep a record of requests and decisions made.
  • Inform relevant subcontractors and third parties when the data has been shared.

Examples of application of Article 17 of the GDPR

  • A user closes his account on a platform: his data is deleted within a reasonable time.
  • An employee requests the deletion of their HR data after their departure, unless there are legal retention obligations.
  • A person withdraws their consent to the newsletter: their email address is deleted from the database.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

👉 Request a demo with an expert

⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.

👉 GDPR: Self-assess now

Other articles
on the same subject