When do I need to meet my GDPR ‘Right to Erasure’ obligation?
Individuals now have the ‘Right to Erasure’ – also known as the ‘Right to be Forgotten’ – which means they can ask data controllers to delete the information they hold on them. This is regulated under Article 17 of the GDPR.
These regulations give more power to individuals to control how and why their data is processed, and by whom, and extends the control they have over the previous Data Protection Act, which required the individual to prove that the processing was causing them damage or distress before they could request data deletion.
Now, any individual can request a data controller or processor to erase/remove their personal data, stop any further distribution of their personal data, and potentially stop third parties from processing their personal data. This, of course, also relates to appropriate recorded calls and digital communications that have been made by the individual.
The Right to Erasure applies under a number of circumstances:
- When the personal data is no longer necessary for the purpose it was originally collected.
- When the individual no longer consents, and withdraws it.
- If the individual objects to their data being processed and there is no legitimate reason to override this objection.
- If the data is being used for direct marketing purposes and the individual wants to withdraw this consent.
- If the data being processed relates to the offer of information society services to a child.
- If the data is ever processed in breach of data protection regulations (such as GDPR).
- There is a legal obligation to erase the data.
Inevitably this creates huge challenges for organisations, and can be costly, disruptive and risky. At the same time, many organisations record and store calls and communications across multiple channels, including SMS, MMS, chat and enterprise applications, for a variety of reasons such as compliance, training, audit trails, and so on. This means an additional headache.
How can organisations ensure that recorded and stored personal data can be easily retrieved, and effectively deleted, in order to meet compliance requirements?
Touch Call Recording offers a easy, secure, risk-free alternative to resource-heavy data deletions. The easy-to-use web-interface provides advanced search and retrieval capabilities –making it easy to find and delete individuals’ personal data. Meanwhile, Touch Call Recording’s hierarchical-based access control ensures that only permitted personnel can access (and delete) the data.
As such, it provides a simple and fast solution to retrieving and deleting recorded conversations – both voice and digital – upon receipt of a Right to Erasure request. It therefore simplifies compliance, reduces associated costs, and ensures that organisations respond in a timely manner to Right to Erasure requests.
Why cause yourself a headache, when Touch can take care of your Right to Erasure requests in a simple and secure fashion? Get in touch now to find out how we can help.