• Sue Berry
    7
    GDPR gives everyone the right to be forgotten. That means that an individual can ask for their data to be erased. They can make this request in writing or verbally and the request has to be complied with by the data controller within one month. I suggest that you make sure you have a process in place to log verbal requests, as well as written requests, for data erasure.

    If the data is held by reason of consent - for example, to send marketing information - then you must comply and erase the data. However, there are some occasions where you don’t have to comply with the request - for example where you need to keep the data for a legal reason. This might be holding and processing data to pay your employees or manage statutory payments such as sick pay and maternity pay. There are tax-year timescales you’ll need to comply with and hence will need to retain the data needed.

    If you believe you have a compelling legitimate reason to keep data, but you want a second opinion, give us a shout. Would be interested generally in other legitimate reasons folk will have to share.
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment

Welcome to our TimelessTime Community - come on in.

You'll benefit from facilitated learning though debate with like-minded peers. You can ask questions. You can share your knowledge by answering questions. You can access our Level 7 Training, and check the book reviews.

And the best part - it's all free.