This engaging course outlines the various situations in which organisations are required to delete or stop processing an individual’s personal data without delay, including when an individual requests it under specific circumstances.
The course also covers the organisational policies and procedures to develop and follow when an organisation receives a request from an individual to either erase or stop processing their personal data.
The course looks at the specific situations such as when to refuse to comply with an individual’s request, how to deal with data shared with third parties and requests for erasure from children.
Learners are challenged to a series of questions to test their knowledge and understanding of erasure and compliance with the GDPR. To successfully complete the course, learners must earn data protection shields – there are three in total to collect. Learners can also take the assessment again to improve their score.
| Number of Learners | Cost (per year) | |
|---|---|---|
| 1 - 10 | ||
| 11 - 20 | ||
| 21 - 50 | ||
| 51 - 100 | ||
| 101 - 150 | ||
| 150+ | ||
| Number of Learners | Cost (per year) | |
|---|---|---|
| 50 - 100 | ||
| 101 - 200 | ||
| 201 - 300 | ||
| 301 - 400 | ||
| 401 - 500 | ||
| 501 - 750 | ||
| 751 - 1000 | ||
| 1001 - 2500 | ||
| 2501 - 5000 | ||
| 5000 - 10,000 | ||
| 10,000 + | ||
Included Features
Under the General Data Protection Regulation (GDPR), the Right to be Forgotten outlines an organisation’s legal obligation to take all reasonable steps to erase customer data including by any and all third parties with whom the data may have been shared.
The right to be forgotten (Erasure) applies in specific situations such as when an individual withdraws their consent or objects. Erasure also outlines the additional measures necessary when handling children’s data.
Under Article 17 of the GDPR, individuals have the right to have their personal data erased from data controllers and processors who hold them. The right to be forgotten only applies in certain circumstances such as the personal data is no longer necessary for the purpose the organisation originally collected data for, the organisation has processed the data unlawfully and if the individual withdraws their consent or objects to legitimate interests as basis for processing their personal data, direct marketing purposes.
Under Article 12.3 of the GDPR, organisations must comply with a legitimate request for erasure without undue delay and at the latest within one month of receipt of the request. Organisations should calculate the time limit from the day they receive the request (whether it is a working day or not) until the corresponding calendar date in the next month. This timeframe can also be extended up to 60 days depending on the complexity of the request.
For businesses, erasure falls under the scope of compliance with the GDPR but also best practice for data management. Erasure works to encourages businesses to be transparent and consider their customers’ rights and needs. For customers who are supplying their personal data to businesses, knowing that a business is complying with erasure requests increases their trust.
If you have any feedback about our products please contact us at [email protected]
