GDPR: Right to Erasure and Data Portability


Organizations that collect and process personal data from EU citizens are faced with an advancing deadline to get their procedures in line with the General Data Protection Regulation (GDPR). The GDPR is the biggest change to European Union (EU) data protection law since the 1995 EU Data Protection Directive. The GDPR expands the scope of companies that need to comply, strengthens data subject rights, and raises the bar for security and privacy. One of the new rights EU citizens have with their personal data is the right to erasure and data portability.

If you need to familiarize yourself with the GDPR, consider exploring this site. If you are not familiar with some of the GDPR terminology, you might find this page of the GDPR regulation helpful. Otherwise, continue reading to find out what the right to erasure and data portability means, and the steps JumpCloud is taking to to meet this component of the GDPR.

The Right to Erasure

First, let’s break down the right to erasure. Also referred to as the right to be forgotten, the right to erasure grants data subjects (EU citizens) the right to have their personal data deleted under certain circumstances (GDPR Art. 17). However, a data subject’s request for erasure needs to meet one of these conditions (ICO):

  • The personal data is no longer needed for the purpose it was originally collected.
  • The individual withdraws consent.
  • The controllers/processors breached the GDPR and did not obtain proper consent.
  • Legal obligations require that the personal data is erased.

When a request for erasure is made and the organization has shared this data with third-party processors, the organization needs to do everything it can to inform the third party processor of the erasure.

The GDPR also presents conditions where organizations have the right to refuse erasure. These are as follows (ICO):

  • The processing of data is part of their right to freedom of expression and information.
  • The processing of data serves to further scientific, historical, or statistical research.
  • The personal data is part of the exercise or defence of legal claims.

(Read more...)

*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Natalie Bluhm. Read the original post at:

Natalie Bluhm

Natalie is a writer for JumpCloud, an Identity and Access Management solution designed for the cloud era. Natalie graduated with a degree in professional and technical writing, and she loves learning about cloud infrastructure, identity security, and IT protocols.

natalie-bluhm has 170 posts and counting.See all posts by natalie-bluhm