Did you know that the General Data Protection Regulation 2016/679 (the GDPR) obliges you to honour the right to be forgotten for any user who has made such a request to your company?
What does the right to be forgotten mean and what does it consist of?
The right to be forgotten ensures that a user who does not want you to process his data can object to the processing and order the deletion of that data. Does this always apply, and does it mean that user data must be deleted immediately? Not necessarily.
You, as the processor of the user's data, can store this data for valid and legitimate reasons for a specified period of time despite the user's objection, e.g.:
• for accounting and tax purposes, i.e. for the proper settlement of tax due or other receivables owed to the state. Typically, such data should be stored for up to 5 years from the moment of the taxable transaction (e.g. sale of a product or service to the user) or, in the case of employees' personal data, even for several dozen years (for as long as the regulations require employee documentation to be kept)!
• to honour the rights acquired by the user, such as a warranty or guarantee. Deleting the user's data a few days after the order has been placed may later hinder the exercise of his rights to make a complaint or claim under the warranty for the product or service sold. Usually, the user is entitled to such a right for one to two years (and in the case of products with a warranty longer than 2 years, correspondingly longer, for the duration of that warranty). In the event of a complaint, a user deleted from the database would have to prove to us that he bought something from us. And since the law does not oblige him to present the original proof of purchase, we have the right to process the data until his rights expire.
• to keep data proving that a service was performed for the user, e.g. removal from the newsletter database. Without storing the date, time and method of sign-up, and then the date of removal from the database, it will be difficult to prove the removal if the user raises the matter a month after unsubscribing.
In the above cases, the data can also be anonymised, i.e. stripped of the attributes that uniquely and unambiguously identify the given user (insurance number or other personal ID, e-mail address, telephone number, address, name and surname, etc.). The data in such a record can then be replaced with a random string of characters, which no longer refers to a given user.
This option is useful not only for honouring the right to be forgotten; it also helps a lot when a parallel, development or test version of a website or system is used for development and fixes. The development company can then work with unreal, anonymised data, without processing real user data.
For this purpose, for example, the GALL data anonymization system can be used.
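The replacement step described above, sketched as an added example (not code from the original article and not how GALL works): each identifying column of a user row is overwritten with an unrelated random string, while the row id and the linked order records are kept for retention purposes. The table and column names and the sample data are assumptions constructed for this illustration.

```python
import secrets
import sqlite3

# Columns treated as direct identifiers (the list given in the text above);
# the table and column names are assumptions made for this example.
IDENTIFYING_COLUMNS = ("full_name", "email", "phone", "address", "national_id")


def build_sample_db():
    """In-memory database holding constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, full_name TEXT,
                            email TEXT UNIQUE, phone TEXT, address TEXT,
                            national_id TEXT, anonymised_at TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY,
                             user_id INTEGER REFERENCES users(id),
                             sold_on TEXT, amount_cents INTEGER);
        INSERT INTO users VALUES (1, 'Jan Kowalski', 'jan@example.com',
                                  '+48 600 000 000', 'ul. Przykladowa 1',
                                  '00000000000', NULL);
        INSERT INTO orders VALUES (10, 1, '2018-06-01', 12900);
    """)
    return conn


def anonymise_user(conn, user_id):
    """Overwrite every identifying column with an unrelated random string.

    The row and its id survive, so orders stay linked for accounting or
    warranty retention, but nothing in the row refers to the person.
    """
    # A fresh CSPRNG token per column: it is not derived from the old value
    # (no hashing), so it cannot be matched by guessing likely inputs.
    values = [secrets.token_hex(16) for _ in IDENTIFYING_COLUMNS]
    assignments = ", ".join(f"{col} = ?" for col in IDENTIFYING_COLUMNS)
    with conn:  # one transaction: all columns change or none do
        cur = conn.execute(
            f"UPDATE users SET {assignments}, anonymised_at = datetime('now') "
            "WHERE id = ? AND anonymised_at IS NULL",
            (*values, user_id),
        )
    return cur.rowcount == 1  # False if unknown or already anonymised


if __name__ == "__main__":
    db = build_sample_db()
    print(anonymise_user(db, 1), db.execute("SELECT * FROM users").fetchall())
```

Free-text fields, backups and logs can still contain the original identifiers and are outside what this sketch covers.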