Which regulations reference Right to Erasure (Right to Be Forgotten)?

Right to Erasure (Right to Be Forgotten) is referenced in or relevant to: gdpr, ccpa-cpra, dpdpa, lgpd.

Compliance

What is Right to Erasure (Right to Be Forgotten)?

The right to erasure, also known as the right to be forgotten, allows individuals to request that organizations delete their personal data when it is no longer necessary, consent is withdrawn, or processing is unlawful.

The right to erasure, commonly referred to as the right to be forgotten, is a fundamental data subject right under Article 17 of the GDPR. It allows individuals to request the deletion of their personal data from an organization's systems. The controller must comply without undue delay when the data is no longer necessary for its original purpose, the individual withdraws consent, the individual objects to processing with no overriding legitimate grounds, the data was unlawfully processed, or deletion is required by law.

The right is not absolute and has several exceptions. Organizations may refuse erasure when processing is necessary for exercising freedom of expression, compliance with a legal obligation, public health purposes, archiving in the public interest, or establishing or defending legal claims. Similar rights exist under the CCPA (right to delete), DPDPA (right to erasure), and LGPD (right to deletion). Each regulation has its own scope, exceptions, and response timelines.

Fulfilling erasure requests requires organizations to locate all instances of the individual's data across every system, including backups and third-party processors. IQWorks addresses this through SearchIQ for comprehensive data subject searches, DiscoverIQ for maintaining a current data map, and automated deletion workflows that execute across connected systems while maintaining audit logs.

Relevant Regulations

GDPR (General Data Protection Regulation)CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act)DPDPA (Digital Personal Data Protection Act)LGPD (Lei Geral de Protecao de Dados)

How IQWorks Helps

SearchIQ

Enterprise Data Search

DiscoverIQ

Know Your Data

ComplyIQ

Privacy Compliance, Simplified

Related Terms

GDPR Article 17 (Right to Erasure)

GDPR Article 17 establishes the right to erasure, also known as the right to be forgotten, allowing data subjects to request the deletion of their personal data under specific circumstances.

Data Subject Rights (DSR)

Data Subject Rights are the legal rights granted to individuals under data protection laws, enabling them to control how their personal data is collected, used, stored, and shared by organizations.

Data Subject Access Request (DSAR)

A Data Subject Access Request is a formal request made by an individual to an organization to obtain confirmation of whether their personal data is being processed and, if so, to receive a copy of that data along with details about how it is used.

Secure Data Deletion

Secure data deletion ensures personal data is permanently and irreversibly removed from all storage systems, supporting the right to erasure and storage limitation.

Explore More Terms

Browse our complete data protection glossary with 107+ terms.

View Full Glossary