• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Uncategorized  /  Right to Be Forgotten – When It Applies & When It Doesn’t
09 April 2019

Right to Be Forgotten – When It Applies & When It Doesn’t

Written by Ankita Ashesh
Ankita Ashesh
Uncategorized
  • 8
    Shares
Estimated reading time: 2 minutes

One of the most complex topics in the European Union’s landmark General Data Protection Regulation (GDPR) is the Right to be Forgotten, also known as the Right to Erasure. On the outset, the concept seems simple – individuals can request for their personally identifiable data to be removed if they have provided it to a data controller, hence they can be “forgotten”.

But, in a world of connected data where information is shared across servers, people, territories and what not, the Right to be Forgotten is a complex regulation which has many enterprises tripping up after the implementation of GDPR. While the moral and philosophical effects of this rule are for a different topic, this article tries to understand this right and explain where and when it applies.

The role of personal data

The first point to keep in mind is that this is not an absolute right. The Right to Erasure or Right to be Forgotten is provided to all individuals but only if they meet certain specifications. As the specific Article 17 of the GDPR regulation says:

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

The criteria to meet

This makes it clear that an individual cannot randomly request to be forgotten. They must fit some of the criteria – i.e. their personal data is no longer necessary in relation to the reason for its collection, the consent has been withdrawn, etc. This is a point which enterprises must keep in mind when considering the right to be forgotten requests.

Furthermore, the same article also makes it clear that enterprises do not have to comply with the request in case of the following circumstances:

  • for exercising the right of freedom of expression and information
  • for compliance with legal obligations
  • for reasons of public interest in the area of public health
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • for the establishment, exercise or defense of legal claims.

Hence while enterprises must comply with GDPR requirements which also involved compliance with a user’s right to be forgotten, they must also work according to the clauses provided in the article. It is important that there is recognition that GDPR is more than just security compliance; it is a regulation with both legal and social consequences.

 Previous PostJCry – A Ransomware written in Golang!
Next Post  Seqrite MobiSMART for GDPR Compliance
Ankita Ashesh
About Ankita Ashesh

...

Articles by Ankita Ashesh »

Related Posts

  • Gorgon APT fractures India’s Industrial Backbone

    Gorgon APT targeting MSME sector in India

    August 10, 2020
  • Way Out of The MAZE: A Quick Guide For Defending Against Maze Ransomware

    May 21, 2020
  • The-need-for-businesses-to-empower-the-CISO

    Why do boards need to empower their CISO?

    October 22, 2019

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.