Right to erasure, also known as right to be forgotten, is a data subject right under the Data Protection Act 2018 and GDPR 2018.
This policy outlines our management of right to erasure requests and the right of data subjects to request the removal of personal data held about them by the data controller (the council). It also outlines the procedure to be followed by data subjects when submitting a right to erasure request to the SSA.
It outlines how we will meet our legal obligations under Article 17 of the General Data Protection Regulation (GDPR) and Section 47 of the Data Protection Act 2018, when we receive a right to erasure request.
This policy will be reviewed at least annually by the DPO to ensure alignment to appropriate risk management requirements and its continued relevance to current and planned operations, or legal developments and legislative obligations.
For further information on how we process your personal data and your rights in this regard please see our privacy notice.
The Data Protection Officer (DPO) is responsible for processing right to erasure requests received by the Council. All questions or comments related to this policy or a specific right to erasure request should be directed to firstname.lastname@example.org.
A data subject's right to erasure request is a written or verbal request for personal information (known as personal data) held about them by the Council. You have the right to request the removal of personal data held by us. Data subjects have the right to have their personal data erased if:
Erasure of personal data is not an absolute right. It will be granted in most but not all circumstances. Most commonly your personal data will not be subject to the right to erasure where:
We can refuse to comply with a request for erasure if:
We can also refuse to comply with a request for erasure if it is manifestly unfounded or excessive.
To allow us to respond promptly to any right to erasure request we ask you to complete the online request form. Use of the form is not mandatory. However, completing the form should enable us to process your request more efficiently.
You can attach your proof of identity and address to the form, or alternatively you can email these documents to email@example.com, or post photocopies to:
The Data Protection Officer
Richmond and Wandsworth Councils
44 York Street
If you wish to make a verbal request please call 020 8831 6328 (Information Governance Office). We will still require proof of identity.
There is no charge for this service and we waiver the right, in accordance with Article 12 of the GDPR to charge a 'reasonable fee' for administrative costs. We will instead refuse the request if it is considered to be 'manifestly unfounded or excessive'.
We will first check that we have enough information to be sure of your identity. In some cases we may request any additional evidence we reasonably need to confirm your identity. We do this to ensure that the correct data will be identified for erasure and that you have a right to request this.
We will then check that we have enough information to find the records you requested for erasure. If we feel we need more information, then we will ask you for this without undue delay.
We will consider whether the request can be agreed or whether there are valid reasons for retaining some/all of the data. If we are unable to carry out the erasure of your personal data we will, within one calendar month advise you of this and explain the reason why and your right to complain about this decision.
We will then conduct a full search of all our relevant databases and filing systems and locate all data relevant to the data subject. We will identify all third-party processors that may also have the personal data and instruct them to completely remove the data from their environments and confirm erasure. Your personal data will then be removed from our digital and physical environments.
Finally, we will respond to the data subject to confirm data erasure from our environment and all associated third parties.
All right to erasure requests, once validated and accompanied by valid proof of identity, will be dealt with without undue delay and certainly no later than one calendar month in accordance with the Data Protection Act 2018 Section 54, from the latest receipt of the following:
Updated: 13 June 2019