A major concept of the General Data Protection Regulation (GDPR) is the increase in power that citizens have over their personal data. There are currently laws in place which allow customers/clients/citizens to request for their personal data to be removed under certain, very specific circumstances.

The updates to this, that will be brought about by the GDPR, allow for this request for removal to be immediately undertaken, with a further and more broad range of circumstances applying. Before, the request could only be passed for a strict list of reasons.

Purpose of the Article

Article 17 was written with the idea of 'right to erasure' behind it. The title of this article itself is this concept of each person having the right to wipe any personal data that a data storer has on them which is no longer needed or has been unlawfully collected.
This means if someone takes out services with a company and then no longer requires their services, and the citizen is no longer their customer/client, the citizen can request that the date is removed and the company must abide by this.

Confusion/Vagueness

There is confusion as to what ‘removal of personal data’ may mean. There’s a big difference between the ‘Right of Oblivion’ and ‘Right of Erasure’, with Oblivion meaning complete destruction of the data and it being wiped forever, and Erasure meaning it’s simply no longer accessible to anyone - masking the data but not completely wiping it off the face of the earth.

What to expect in May

The ICO (Information Commissioner’s Office) seems to be serious about cracking down on organisations who will not be abiding by the regulations in general. As this Article in the GDPR directly relates to citizens themselves, this is likely to be the easiest breach for the ICO to catch organisations out on, as citizens are likely to complain to the ICO if an organisation doesn’t respond appropriately to their request for erasure.

It’s impossible for them to check every organisation, so citizens’ complaints may be what launches many investigations.

Further Reading

For more information please visit https://blogdroiteuropeen.com/2017/05/25/what-should-be-forgotten-time-to-make-sense-of-article-17-gdpr-from-the-point-of-view-of-data-controllers-by-pieter-van-cleynenbreugel/ and for more of our articles on GDPR, please visit https://www.ec2it.co.uk/it-support-news-and-blog/gdpr/