Q&As

When complying with a data subject erasure request, do we have to delete information in our backups?

read titleRead full title
Published on LexisPSL on 08/11/2018

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • When complying with a data subject erasure request, do we have to delete information in our backups?

Article 17 of Retained Retained Regulation (EU) 2016/679, UK General Data Protection Regulation (UK GDPR) grants data subjects the right to have their data erased (a right to be forgotten) in certain circumstances. See Practice Note: Data subject rights—rectification, erasure and restriction of processing.

You can refuse to act on a valid erasure request:

  1. which is manifestly unfounded or excessive, in particular because of its repetitive character. You bear the burden of demonstrating the request is manifestly unfounded or excessive. See further: ‘Refusing to deal with a request’ in Practice Note: Data subject rights—rectification, erasure and restriction of processing—Complying with rectification, erasure or restriction requests and Q&A: Refusing a data subject request—what is ‘manifestly unfounded or excessive’?

  2. if you can demonstrate that you are not in a position to identify the data subject (eg if you have deployed anonymisation me

Popular documents