How long do you have to erase data under GDPR?
Under Article 12.3 of the GDPR, you have 30 days to provide information on the action your organization will decide to take on a legitimate erasure request.
This timeframe can be extended up to 60 days depending on the complexity of the request..
How long should personal data be kept?
GDPR does not specify retention periods for personal data. Instead, it states that personal data may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed.
Can I ask for my data to be deleted?
How do I ask for my data to be deleted? You should contact the organisation and let them know what personal data you want them to erase. You don’t have to ask a specific person – you can contact any part of the organisation with your request. You can make your request verbally or in writing.
Do companies have to delete your data?
Companies must delete data upon request if data is no longer necessary. If personal data that was collected by a company about an individual is “no longer necessary in relation to the purposes for which [it was] collected,” the company typically must honor a right to be forgotten request.
How do I delete personal data?
6 ways to delete yourself from the internetDelete or deactivate your shopping, social network and web service accounts. Think about which social networks you have profiles on. … Remove yourself from data collection sites. There are companies out there that collect your information. … Remove your info directly from websites.
Who is responsible for keeping personal data safe?
The DPO is responsible for everything related to keeping personal data secure and cannot be easily replaced. Appointing someone in this position means personal data can be kept safe and secure more easily, with customer and employee rights being respected according to GDPR.