The Right to Erasure
Under the General Data Protection Regulation (GDPR), you have a number of rights regarding the way in which we are allowed to process your personal data.
What is the right to erasure?
Under GDPR you have the right to have personal data erased. This is also known as the 'right to be forgotten'. This only applies in certain circumstances.
The majority of data processing undertaken by the Council is carried out in order to meet a legal obligation, or to complete public tasks. This means that the Right to Erasure will rarely apply to information held by the Council.
When does the right to erasure apply?
You have the right to have your personal data erased if:
- the personal data is no longer necessary for the purpose for which it was originally collected or processed;
- the processor is relying on consent as their lawful basis for holding the data, and you withdraw your consent;
- the processor is relying on legitimate interests as their basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing;
- your personal data is being processed for direct marketing purposes and you object to that processing;
- your personal data has been processed unlawfully (ie in breach of the lawfulness requirement of the 1st principle);
- the processor has to do it to comply with a legal obligation; or
- personal data has been processed to offer information society services to a child.
When does the right to erasure not apply?
The right to erasure does not apply if processing is necessary for one of the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation;
- for the performance of a task carried out in the public interest or in the exercise of official authority;
- for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
- for the establishment, exercise or defence of legal claims.
How long does the Council have to comply?
Mendip District Council must act upon requests without undue delay and at the latest within one month of receipt.
The Council may extend the deadline by a further two months if the request is complex or if you have submitted a number of requests. You will be notified without undue delay and within one month of receiving your request and an explanation will be provided as to why the extension is necessary.
Submitting a request
An Information Rights Request under GDPR may be submitted in either of the following ways:
- By submitting the online form under Apply for This Service below.
- By writing to Information Governance, Mendip District Council, Council Offices, Cannards Grave Road, Shepton Mallet, BA4 5BT
You must include your full name, a return address and a details of the information that you are requesting. Mendip District Council has a duty to verify the identity of requesters, and consequently you may be asked to provide proof of your identity.