The right to erasure is also known as the ‘right to be forgotten’. The main principle of this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for the University to continue to keep processing that information.
How does Lancaster University meet this right?
The right to erasure is not an absolute right. The right to erasure is applicable to individuals under the following, specific, circumstances:
- where the personal data is no longer necessary in relation to the purpose for which is was originally collected/processed;
- when the individual withdraws consent (where consent is the legal basis for processing);
- when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing;
- the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR or Data Protection Bill);
- the personal data is processed in relation to the offer of information society services to a child.
This right is not limited to processing activities which may cause unwarranted and substantial damage or distress to an individual. However, if the processing is deemed to be causing damage or distress, this will strengthen the individual’s case for erasure.
The University can refuse to comply with a request for erasure where the personal data is processed under the following circumstances (exemptions):
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation for the performance of a public interest task or exercise of an official authority;
- for public health purposes in the public interest;
- archiving purposes in the public interest, scientific research, historical research or statistical research;
- the exercise of legal claims.
If the personal data which has been requested to be erased has been shared with third parties, then the University is obligated to inform those parties of the erasure of the information, unless this proves impossible or involves disproportionate effort.
Where the University receives a request for erasure from an individual but that information is exempt from the right to erasure, the Information Governance Manager will write to the individual and explain to them that their request will not be complied with, and explain which exemption applies.
Requests for erasure should be made directly to the University’s Information Governance Manager.