The Data Protection Agency is reviewing the right to erasure

View as Markdown
2 mins read • Legal Writer • GDPR • 29 April 2025
  1. How we can help

In 2025, the Data Protection Agency will send a questionnaire to 20 public and private organisations to examine how the right to erasure is handled under the GDPR. The aim is to strengthen data protection guidance and identify best practice. This is a timely opportunity for small and medium-sized enterprises to ensure their internal processes are robust.

The questionnaire maps how requests are received, what documented procedures and training exist, and which technical or organisational obstacles organisations encounter. The purpose is not to impose sanctions, but to raise standards and share learning across sectors through clear data protection guidance.

The right to erasure allows a data subject to require deletion of personal data when it is no longer necessary, when consent is withdrawn (withdrawal of consent GDPR), or where the individual objects to processing. Exceptions apply, for example, where retention is required by law or for the establishment, exercise or defence of legal claims under Article 17 GDPR.

For SMEs, the review is a reminder to tighten data subject rights management and embed practical controls ahead of any enquiry or GDPR compliance audit.

  • Establish documented procedures for handling erasure requests as part of your GDPR compliance assessment.
  • Train staff on GDPR, with targeted modules on the right to erasure and withdrawal of consent GDPR.
  • Review systems and records to ensure deletion is technically and operationally feasible across all data stores.
  • Communicate clearly with data subjects about their rights and your response timelines.

How we can help

At Morling Consulting, we support organisations across Europe with GDPR compliance consulting, data protection guidance and GDPR compliance audits. Our DPO services include Outsourced DPO and DPO as a Service, helping you manage data subject rights management effectively and identify best practice across your governance framework.

Contact us to structure a proportionate GDPR compliance assessment aligned with Article 17 GDPR and the right to erasure GDPR.

Material Design illustration showing three legal professionals in front of an AI chip, playground and surveillance symbols, representing IMY’s focus areas public AI, children’s privacy and law enforcement.

5 February 2026

IMY’s priorities for 2026 – what do they mean for your organisation?
Read more
Illustration of a startup GDPR compliance briefing, with team members reviewing a security checklist and data protection policy on a screen.

4 February 2026

GDPR in your start-up – how to build assurance and compliance
Read more
Anonymous lawyer in a suit presses a digital whistleblowing button inside a protective sphere, symbolising secure whistleblowing systems, employee privacy and internal controls under the AMLR.

3 February 2026

AMLR Articles 13–15: employee integrity, whistleblowing and internal control
Read more