The growing use and storage of data at companies has led to a series of associated rights and obligations. The Right to Erasure is among these, guaranteeing greater control for citizens over their data within the structure of a database of any organisation.
What is the Right to Erasure and how to efficiently comply with the Data Protection Law in information systems efficiently? We share all the key aspects.
It is the right to prevent the dissemination of personal information through the Internet when its publication does not meet the requirements of adequacy and relevance provided for in the regulations.
The Right to Erasure directly affects companies, which are required to guarantee compliance with this obligation, and which may be fined for non-compliance.
It is therefore vital to achieve what is known as data governance; that is, to be aware of the data possessed and to apply the necessary blocking and deletion in accordance with the law.
Nevertheless, this has entailed an important step for many companies. In 2019, the majority of companies surveyed claimed to be in “reasonable compliance” with GDPR obligations. The outlook has moved on today, but data governance remains a challenge for many companies.
But what exactly are the obligations of companies to comply with the Right to Erasure?
In essence, companies must:
The automation of the operations described above is essential for companies to ensure compliance with the Right to Erasure.
In this context icaria GDPR appears, the solution from icaria Technology for blocking and deletion of personal data in production environments.
Thanks to this platform, companies can access data governance more effectively, covering the whole process in data structures.
Being compatible with more popular databases, icaria GDPR allows:
icaria GDPR facilitates the management of the blocking period and final deletion of the data structured through the following facilities:
Ultimately, it is about generating a life cycle management for each seed or structure of the information of each person, facilitating the extraction, storage, dissociation, restoration and deletion of the data when applicable.
The Right to Erasure and the Right to be Forgotten, despite being closely related, are two different concepts.
Firstly, we have defined the Right to Erasure as the right to a person’s data being deleted and cancelled, and in general applies to the databases of companies and other organisations.
Secondly, the Right to be Forgotten is one of the key manifestations of this Right to Erasure: it is the right of citizens for their personal data left untraceable on the internet, and therefore mainly applies to search engines (such as Google).
This Right to be Forgotten applies to information which is now obsolete or which is of no public relevance or interest. Thus, search engines are obliged to remove this data from their pages of results when they are linked to the name of a person.
Companies' management applications compile and store personal data which, like other data, may be subject to the Right to Erasure.
Email addresses, telephone numbers, age, DNI identity numbers, bank data, etc. are just some of the data which may be stored in this context.
Their management, blocking and subsequent deletion entail another of the obligations that companies must fulfil to be aligned with the legislation. Again, automation through tools such as icaria GDPR facilitates this task.
Do you want to know more about the Right to Erasure of data on information systems and how to apply it at your company? Request a demo of icaria GDPR and discover what this platform can do to help your business comply with the law on data protection.