locked
GDPR Compliance RRS feed

  • Question

  • User1644485212 posted

    What all details should we delete from system when user asks to ForgetMe?

    It should be hard delete or soft delete would be fine?

    Can we continue presenting that user as Anonymous?

    Tuesday, April 17, 2018 9:06 AM

All replies

  • User283571144 posted

    Hi komaldparekh,

    According to Article 17, data controllers must erase personal data “without undue delay” if the processing was unlawful, the data is no longer needed, or the data subject objects to the processing.

    In GDPR lingo, the data subject is the person whose data has been collected, aka “the user or the customer.”

    In my opinion, the data should be hard delete.

    Best Regards,

    Brando

    Wednesday, April 18, 2018 5:30 AM
  • User1644485212 posted

    Thanks for the response Brando.

    One more question. Posts in the community comes under personal data? 

    There is no predefined list from GDPR side, but they states anything that can identify physical person directly or indirectly can be considered as personal data. So I am confused on what all details I should consider as personal data.

    Also can those data be kept as reporting purpose without identity of user?

    Wednesday, April 18, 2018 6:15 AM