Skip to content

GDPR Step 04: Erasure Requests for GDPR

The right to erasure requires the same broad steps as the right to access but with some additional considerations:

Provide users with ways to submit their access requests

To fulfill this obligation, you must provide consumers with one or more secure ways to submit a request in your Privacy Notice. Typically, these are:

  • A form or Privacy Center to automatically accept requests from consumers.
  • An email address or customer support system to intake consumer requests.

2. Collect information necessary to identify users

As the business receiving the request, you are responsible for verifying the identity of the consumer.

To minimize privacy risks, you should not request additional information that you do not already have to verify a user’s identity. For example, if you don’t already have their driver’s license, don’t ask for it to process privacy requests.

The most common method to verify a user’s identity is sending a verification code to their email address or phone number. This MFA code will help you confirm the identity of the consumer making the request.

3. Delete their personal data from your systems

After approving users' deletion requests, you must then delete all of their data from your business systems, as well as the systems from third-party vendors you employ.

If you are doing this manually, take care to ensure you are not deleting confidential company information, information necessary for reporting or regulatory purposes, or data belonging to other users.

Note: you may retain personal information for regulatory obligations. For example, if you’re a retailer, you may need to retain order history information and the consumer's state of residence to calculate taxes for reporting purposes.

The deletion request process can be costly, labor-intensive, and risky. Therefore we strongly recommend using an automated system such as the Fides privacy engineering and intelligence platform to automate this process end-to-end for you.

💡
Looking for more help with how to ensure personal data is deleted across your systems? Ask a question now on the Fides Slack Community (opens in a new tab).

For more information about the Fides Privacy engineering and intelligence platform, get in touch now (opens in a new tab).