The right to be forgotten - with a convenient sample letter!

Published: 31/07/2020

Have you ever worried about what companies do with the data they have on you? That makes sense. Since we use the internet for almost everything, we freely give away our personal information all the time. But we don’t have any control over what happens with that data. Luckily, there is a law that protects your privacy: the General Data Protection Regulation (GDPR). This law gives you the right to (almost) always be ‘forgotten’. In this article we’ll explain what this means exactly and how to use it.

At the bottom of this page you’ll find a sample letter that you can send to a company or organisation if you want your data to be deleted!

Why is data protection important?

An enormous amount of information is recorded about us. Almost every step we take - on the internet, but often also literally - is stored somewhere. We give a lot of information away about ourselves: where we are, what we buy, with whom we interact, you name it.

Now this in itself isn’t necessarily a problem, were it not for the fact that not every company or authority handles our data with care. Your data is used more often than you think for purposes you may not entirely support. For example, it is sold to third parties for a lot of money. Or even worse: your data is up for grabs if a company doesn’t have all its security checks under control.

Data Leaks

When a data leak occurs, it is possible that you too will become a victim of it. Your account data becomes accessible to be picked up by anyone with bad intentions.

A few years ago the website Have I Been Pwned was launched. On it you can check if your email address was part of a data leak.

If this is the case, do not panic. This doesn’t necessarily mean that your account, and associated data, has been misused. It is however wise to change your password as soon as possible. Also do this for any other accounts that you’ve used that password for.

Privacy Violation

Unfortunately, sometimes your data is misused. The more information that is available about you online, the easier it becomes to commit identity fraud with your data.

So make sure you ‘protect’ your accounts as much as possible against this. How you go about this differs for each account. Any somewhat legitimate business you have an account with will offer an option in their menu where you can alter your account and privacy settings.

Privacy violations can also occur on a large scale. Remember the Cambridge Analytica scandal, in which sensitive Facebook data was collected and surreptitiously used for political gain?

We have previously written an article on 10 ways to guarantee your online safety.

What is ‘the right to be forgotten’?

To ensure that your data is handled with care, a law has been put in place that protects your privacy: the General Data Protection Regulation (GDPR).

This law states, among other things, that if a company no longer has a good reason to save your personal data, they’re obliged to delete it. Simply put, you have ‘the right to be forgotten’, which means that a company ‘forgets’ your data.

What does ‘data minimisation’ mean?

A term that is often used when it comes to personal data is ‘data minimisation’. This means that companies can’t collect more data than is absolutely necessary. To be precise, data minimisation means that in the collection and processing of personal data, no more data may be collected than is strictly necessary to achieve the purpose for which they are to be used.

When don’t you have the right to be forgotten?

In some cases you do not have the right to be forgotten.

Sometimes a company is not legally obliged to delete your data. This applies to cases where the processing of data is required by law (e.g. the data required by the Tax and Customs Administration (Belastingdienst)), is important for maintaining public order (such as the police), is in the interest of public health or legal action (a suspect cannot request personal data to be forgotten in court) or the deletion request is contrary to the freedom of expression.

When do you have the right to be forgotten?

In most cases you do have the right to be forgotten.

You can ask an organisation to delete your data in any of the following situations (make sure you always mention one of these reasons when invoking your right to be forgotten!):

  • The organisation no longer needs your data. When your data is no longer relevant to a company and is no longer being used for the previously intended purpose, then the data must be deleted according to the data deletion obligation.
  • You object to the use of your data. Under the GDPR, you can always request that the processing of your data be stopped.
  • You have previously given an organisation permission to use your data, but revoke this permission. Organisations must comply with this and remove all personal data mentioned in the request. A good example of this is the newsletters sent out by some companies. If you respond that you no longer wish to receive their letters, the company must comply.
  • Your data is being processed unlawfully. For example, when a company does not adhere to the privacy laws when handling your data. If this is the case, then you always have the right to be forgotten.
  • The legally defined period of time during which a company can store your data has expired. In this case, organisations are legally required to delete your data.
  • Your child is under the age of 16 and yet personal information has been collected through the use of apps or a website. In this case, their personal data was obtained unlawfully which means they have the right to be forgotten.

What to arrange after death?

When someone passes away it is not only important to, for example, terminate their rent contract and cancel their subscription services, but it is also important to protect their personal data. The GDPR, the law that we can use to protect our data, does not apply to the deceased. Most social media platforms do, however, allow you to report that someone has passed away. In addition, you can often specify whether you want an account to be deleted. On some platforms you can even have a commemoration page set up.

Delete an account

Curious about what happens with your data when you delete an account? That depends on the website in question.

Deleting your Facebook account is not straightforward. First, you’ll be redirected to the option to deactivate your account. When you deactivate your account, your personal data will still be saved. You can log in again at any moment. Only once you’ve deleted your account will Facebook start to delete your personal data.

The deletion process can often take up to 90(!) days. Also when you delete apps on your phone, your data will be saved. You delete the app, not your data. So pay close attention to this when your goal is to protect your personal data.

Request to delete personal data

Would you like a company to delete your personal data? The best way to do this is in writing or through email. This means you’ll then receive evidence that you could use to file a complaint with the Personal Data Authority. A few things must be stated in such a letter or email: your reason, such as those listed above, and the data that you want deleted.

Sample letter: the right to be forgotten

Do you want a company to delete your data after reading this article? What you need to do is simple:

  1. Copy the sample letter below and fill in the parts written in italics with your own data.
  2. Print this letter.
  3. Send it to the company in question.

If all goes well, you will receive a response within a month stating that your data has been deleted. Please note that you must give one of the legitimate reasons as to why you want your data deleted. Be sure to name at least one of the 6 reasons listed above, applicable to your case, in the letter.

__

[Name]

[Address]

[Postcode and City]

[date]

Subject: Request to delete personal data

To whom it may concern,

With the sending of this letter, I request my personal data to be deleted. I hereby invoke Articles 12 and 17 of the General Data Protection Regulation. The data that I wish to have deleted are as follows: [fill in which data you want to have deleted, for example: my account and all related data]. The reason for this request is as follows: [fill in one of the reasons listed below].

I kindly request a written response stating whether my request has been fulfilled. If my request for the deletion of my personal data cannot be fulfilled, please inform me of the reason.

Kind regards,

[Name]

[Address]

[Postcode and City]

__

An overview of the 6 possible reasons for deletion:

  • My personal data is no longer needed for the reason it was originally collected

  • I object to the use of my personal data

  • I have previously consented to the use of my personal data, but I hereby withdraw my consent

  • My personal data is being processed unlawfully

  • The legal period for the storage of my personal data has been exceeded

  • You are processing personal data from a person under the age of 16

Grip on your data and grip on your money? Download Dyme

Have you heard about our app? The Dyme app gives you a complete overview of your finances, so you are always in control of your money. Our smart technology generates overviews of your income and expenses automatically, so you do not have to waste your time doing it manually. We will also help you save money. The average Dyme user currently saves €720 per year on his/her recurring expenses! Want to know how much you could save?