Processing a “Right to Erasure” Request

The GDPR introduces a “right to be forgotten”. When you get a request to erase an individual’s personal data, first check whether there are any open interactions with that user, for example:

  • A recent order
  • A support ticket request
  • A future booking for an event

It is not recommended that you remove anyone who has an open or recent interaction. For example, if they placed an order only a few days ago, a consumer has the right to return goods within 30 days, and you may therefore need to process a return. If you remove the user, you will not be able to process the return efficiently.

If you are happy that the request is not going to cause future issues you should carry out the following tasks:

  1. If you are running forms on your site, go to Data > Form Results and search for the individual’s name and email address.
  2. Delete any forms they may have filled in.
  3. You can now safely remove the user account. This will remove the user and their associated data, including information in log and audit tables.