Deletion concept: The right to deletion in the GDPR

With the GDPR is the right to Deletion the Right to be forgotten was added.

This means that, in accordance with Article 17 GDPR From a legal point of view, there is no difference between the right to Deletion and the Right to be forgotten gives. The Right to be forgotten has its (recent) origins in the case law of the European Court of Justice (ECJ), which has recognized the Right to be forgotten in an increasingly digitalized world as an essential component of the protection of the Privacy of data subjects (judgment of 13.5.2014 - C-131/12).

The right to Deletion therefore also extends to information that is made publicly accessible via search engines on the Internet, for example.

Companies must delete data

In principle, companies must personal data delete them if they are no longer required for the purposes for which they were collected or otherwise processed. The purpose of the data processing therefore determines the permissible duration of the storage of the processed data, provided that there are no statutory retention periods (Article 17(1) GDPR)
The controller's obligation also includes the obligation to delete data that has already been published (Article 17(2) GDPR). If necessary, a third data recipient must therefore provide information on the Deletion to prevent duplicates from continuing to exist and to prevent the Deletion is fully guaranteed.

To protect children and their activities on the internet, Article 17(1) lit. f GDPR extended. At Consent and provision of their data to online services in accordance with Article 8 GDPRa Deletion of their data, both by the data subject and by their legal guardians.

Regulations of the GDPR

The GDPR does not contain a separate regulation for the Deletion of special categories of personal data. However, the GDPR Exceptions to the right to Deletion and to the Right to be forgotten.
According to Article 17(3) GDPR the Rights of data subjects not, as far as the Processing to exercise the right to freedom of expression and information (Article 17(3) lit. a GDPR), for compliance with a legal obligation or for the performance of a task (Article 17(3) lit. b GDPR), for reasons of public interest in the area of public health (Article 17(3) lit. c GDPR), for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Article 17(3) lit. d GDPR) or for data required for the assertion, exercise or defense of legal claims (Art. 17 para. 3 lit. e).

In order to ensure legally compliant destruction or Deletion In order to be able to guarantee this, we recommend that our clients take advantage of a comprehensive and customized business plan. Deletion concept to develop. Simple and clear rules for the deletion of personal data, which are set out in a well-structured Deletion concept are defined and summarized, facilitate data protection-compliant management of the personal data processed by you.

To do this, we first help you determine where you have stored the data to be deleted and who has received the data and how. We also provide you with an individual Deletion concept any Duty to inform to data recipients who must be informed of the deletion request.