The Right to Erasure, commonly known as the 'right to be forgotten,' is a legal mandate requiring data controllers to delete a data subject's personal information upon request when the data is no longer necessary for its original purpose, consent is withdrawn, or the processing is unlawful. This right is not absolute and includes specific exemptions, such as overriding public interest or legal obligations.
Glossary
Right to Erasure

What is Right to Erasure?
The Right to Erasure, codified in Article 17 of the GDPR, empowers individuals to request the deletion of their personal data without undue delay under specific conditions.
Technical fulfillment requires automated privacy request orchestration to locate and purge data across disparate systems, including backups and logs. Effective implementation relies on robust data lineage for PII to map all storage locations, ensuring complete deletion and providing a verifiable audit trail to demonstrate compliance to supervisory authorities.
Core Characteristics of the Right to Erasure
The right to erasure is not absolute; its applicability hinges on specific legal grounds, technical feasibility, and statutory exemptions. Understanding these core characteristics is essential for automating compliant deletion workflows.
The Six Lawful Grounds for Erasure
A data controller must erase personal data without undue delay where one of six specific grounds applies:
- Purpose Fulfillment: The data is no longer necessary for the original purpose.
- Consent Withdrawal: The data subject withdraws consent and no other legal basis exists.
- Objection Uphold: The data subject objects to processing and there are no overriding legitimate grounds.
- Unlawful Processing: The personal data has been processed unlawfully.
- Legal Obligation: Erasure is required to comply with a Union or Member State legal obligation.
- Child's Consent: The data was collected in relation to an information society service offered to a child.
The 'Undue Delay' Mandate
Article 17 requires erasure without undue delay. While the GDPR does not define a strict statutory deadline, regulatory guidance interprets this as one calendar month, consistent with the general DSAR response timeframe. Complex or numerous requests may warrant a two-month extension, but the controller must inform the data subject of the delay within the first month. Automated orchestration is critical to meeting this timeline across fragmented data silos.
Statutory Exemptions to Deletion
The right to erasure is overridden when processing is necessary for:
- Freedom of Expression: Exercising the right to freedom of expression and information.
- Legal Compliance: Complying with a legal obligation requiring processing by Union or Member State law.
- Public Interest: Performing a task carried out in the public interest or in the exercise of official authority.
- Public Health: Reasons of public interest in the area of public health.
- Archiving & Research: Archiving purposes in the public interest, scientific or historical research, or statistical purposes, where erasure would render impossible or seriously impair the achievement of those objectives.
- Legal Defense: The establishment, exercise, or defense of legal claims.
Propagation to Third Parties
The controller who has made the personal data public has a specific obligation to take reasonable steps, including technical measures, to inform other controllers processing the data that the data subject has requested the erasure of any links to, or copy or replication of, that personal data. This requires maintaining a data lineage map to identify all downstream processors and sub-processors who received the data.
Technical Exceptions: Backup & Legacy Systems
The GDPR acknowledges that erasure from live systems is distinct from backup and archival systems. Controllers are not required to destroy backup media immediately if doing so would be disproportionately difficult. However, they must ensure the data is 'put beyond use'—meaning it is not actively processed for any other purpose and is isolated from operational access. A clear policy for permanent deletion upon backup rotation is mandatory.
Verification of Identity & Request Refusal
Before fulfilling an erasure request, the controller must verify the identity of the data subject, especially in digital environments. If the controller has reasonable doubts concerning the identity of the natural person making the request, they may request additional information to confirm identity. A controller may also refuse to act on a request if it is manifestly unfounded or excessive, but must demonstrate the excessive character and inform the data subject of the reasons for refusal and their right to lodge a complaint.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear, technical answers to the most common questions about implementing the 'right to be forgotten' under GDPR Article 17, including its technical scope, exceptions, and impact on machine learning models.
The Right to Erasure, codified as Article 17 of the GDPR, is a data subject's right to obtain from the controller the deletion of their personal data without undue delay. It is not an absolute right; it applies when one of six specific grounds is met: the data is no longer necessary for its original purpose, consent is withdrawn, the data subject objects to processing, processing was unlawful, a legal obligation requires deletion, or the data was collected from a child's online service. Upon receiving a valid request, the controller must erase the data and take reasonable steps to inform any other controllers processing the data of the request. The technical implementation requires locating and deleting all instances of the data subject's personally identifiable information (PII) across primary databases, backups, logs, and derived datasets, often within a strict 30-day window.
Related Terms
Understanding the technical and legal mechanisms that intersect with the Right to Erasure is critical for building a compliant data lifecycle architecture.
Data Subject Access Request (DSAR)
The formal intake mechanism through which an individual invokes their Right to Erasure. A robust DSAR workflow must include identity verification, authentication, and secure submission channels to initiate the deletion lifecycle. Without a validated DSAR, an erasure request has no legal trigger.
Data Lineage for PII
The automated mapping of personally identifiable information across all storage silos, backups, and derived datasets. Effective erasure is impossible without complete lineage visibility. Key capabilities include:
- Tracing data from ingestion to every downstream consumer
- Identifying hidden copies in data lakes and log files
- Mapping data flows to third-party processors
Pseudonymization
A data minimization technique that replaces direct identifiers with artificial pseudonyms. While pseudonymized data is not automatically exempt from erasure requests, it provides a technical safeguard. If the additional information required to re-identify the data is kept separately and securely, the data may fall outside the scope of a deletion request.
Privacy Request Orchestration
The automated workflow engine that executes the technical steps of deletion across heterogeneous systems. Orchestration handles:
- Identity verification and fraud checks
- Data discovery across structured and unstructured stores
- Cascading deletion to backup systems and third-party processors
- Verification reporting to provide proof of erasure
Consent Audit Trail
An immutable, time-stamped log recording the full history of user consent. When a data subject withdraws consent under GDPR Art. 7(3) and requests erasure under Art. 17(1)(b), the audit trail provides the legal proof that consent was the lawful basis for processing and that no overriding legitimate interest now applies.
Data Residency Control
Technical governance measures that enforce the geographic location of data storage and processing. Erasure requests must be executed across all global nodes while respecting data localization laws. A deletion in one jurisdiction does not automatically satisfy obligations in another, requiring geo-aware orchestration.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us