Overview of a Data Erasure Request Response Letter
What is a Data Erasure Request Response Letter?
The General Data Protection Regulation (“GDPR”) is a new Privacy law in the European Union (“EU”), which came into force on 25 May 2018. The GDPR regulates the protection of personal data, which includes any information that can be used to identify a person, such as a name, identification number, location data, or online identifier, and a wide range of other types of information.
The GDPR applies to all business in the EU, including the UK. However, if you are a business outside the EU that collects personal data from individuals in the EU, and you make decisions about how and why the personal data is used, you will be considered a “controller” under the GDPR, and be subject to its rules regarding the data of those individuals. If you process personal data of individuals in the EU on behalf of a controller, you will be considered a “processor”, and will also need to comply with the GDPR.
Important Note: The GDPR is a complex principle-based law subject to further interpretation by the supervisory authorities of each EU country. If you are not sure whether your data handling practices are compliant with the GDPR, please seek professional legal advice.