Right to be Forgotten

The GDPR is intend to better protect privacy. But the right of the data subject are also (greatly) extend. What right exactly are we talking about? We list it for you.

The General Data Protection Regulation (AVG or GDPR) is there to guarantee the protection of personal data and therefore also the rights and freedoms of the data subject. In order to ensure this protection and to give the data subject even more control over his personal data, the GDPR provides for a (significant) extension of the rights of the data subject. This article provides an overview of these different rights with a brief explanation.

Also read: right to be forgotten gdpr

1. Right of access

The data subject has the right to know from the controller whether his personal data is being process. This means that the controller must inform the data subject about the processing of his personal data. For this, reference can be made to Step 3 of the GDPR: the transparency and information obligation of the controller. In addition to receiving information about the processing, the data subject has the right to access his personal data.

In addition, the controller shall provide a copy of the personal data in its possession at the request of the data subject. If the data subject requests additional copies, the controller may request a reasonable fee based on the administrative costs. When the data subject requests his personal data digitally, the controller can also transfer these digitally unless the data subject requests a specific method.

Important point of attention

The exercise of the right to obtain a copy is without prejudice to the right and freedom of other. The controller must therefore alway take into account that the protection of personal data of other person is guarantee. In order to avoid more general question about the processing of personal data, it is therefore important to draw up a clear privacy policy in which the controller informs the data subject. 

This will be a first safety net for many question, but will also lead to (greater) confidence of the individual (either as an employee or as a customer, …) in the company, with the result that fewer right (to access) will be give exert. Example: an employee requests access to his personnel file and wants a copy of it.

2. Right to Correction

The data subject has the right to correct or supplement his personal data if he determines that they are incorrect.

Example : Person A asks his employer to make the change of the bank account number as he has changed bank.

Also read: right to be forgotten process

3. Right to be forgot

The data subject has the right to ask the controller to delete his or her personal data if:

  • The personal data are no longer necessary for the purpose for which they were collect.
  • The data subject withdraws his consent and there is no other legal basis. For more information about the legal bases for the processing of personal data, please refer to Step 4: The Processing Basis.
  • The data subject has objected to a specific processing (see also ‘Right to object’ below) and there are no overriding legitimate grounds for the processing.
  • The data subject objects to direct marketing processing.
  • The personal data unlawfully process (i.e. not in accordance with the principles of the AVG/GDPR).
  • The law obliges the controller to delete.
  • The personal data are process on the basis of consent in the context of an offer of information society service.

The controller who has share the personal data with other controller will inform them as soon as possible about the request to be forgot. However, this right is not absolute as in some cases the processing is necessary for the exercise of the right to freedom of expression.

For the establishment or defense of legal claims, for the fulfillment of legal obligations or tasks in the public interest, public health, archiving in public interest, scientific, statistical or historical research. Example : the data subject object to receiving direct marketing and specifically request to be remove from the file.

4. Right to restriction of processing

The data subject may request to obtain the restriction of processing where:

  • He contest the correctness of the personal data and for the period that the correctness is check;
  • The processing is unlawful (i.e. does not comply with the principles of the GDPR) and the data subject opposes the erasure of the personal data;
  • The controller would delete the data as it no longer needs it for the specific purpose, but the data subject still needs the personal data to substantiate a legal claim;
  • The data subject has objected to the processing (see also ‘Right to object’ below) and there are no overriding legitimate grounds for the processing.

The restriction of processing means that the controller can only store and process the data with the specific consent of the data subject, for the establishment or defense of legal claims, for the protection of another person or for important reasons of public interest. The controller must inform the data subject when the restriction of processing is lift.

Example : person A orders a product from company B but A is not sure. Whether the billing address is still correct and requests a confirmation by e-mail of the data. That company B has to verify whether everything is correct. 

Also read: gdpr case studies

5. Right to portability of personal data

The right to portability (better known as ‘ right to data portability’ ). Means that the data subject can ask a controller to transfer the personal data. He or she has provided to another controller. This is possible when the personal data is process on the basis of the data subject’s consent.

Or in the context of an agreement with the data subject. Or when the processing is carry out by automate mean. A specific requirement for this transfer is that the controller must transmit the personal data to the data subject. Or to the other controller in a structured, commonly used and machine-readable format.

Diritto all’oblio


The diritto all oblio gdpr  is a legal tool you must use to protect your reputation and privacy. However, not everyone knows how to make the most of it. So here’s everything you need to know about it so you can get the most out of that right.


First, you need to understand  what the right to be forgot is . Well, this right is ensured by the Privacy Guarantor and is integrate  into article 17 of the regulation . In practice, the right to be forgot is configure as a right that allow you to completely delete personal data.  To understand this concept, it is appropriate to give an example. Imagine you signed up for a social network. 

After trying it you have decided that you want to delete your profile. Maybe your personal data in the meantime obtain from the company that owns the social network. In this case, you can appeal to the right to be forgot and  have the personal data to which you have given access completely delete  by agreeing to register on the portal. 

Right To Be Forgot

The right to be forgot can help you  strengthen your reputation and eliminate any problem with your privacy . Furthermore, this right can be fundamental to increase your personal web reputation or that of your company. In fact, by using this right, you can obtain the removal and de-indexing of links harmful to your reputation. 

In short,  this medium is essential  if you want to emerge on the web avoiding that others tarnish your reputation.  On 25 May 2018 with the entry into force of   the GDPR  , the  right to be forgot enjoy a specific rule .

European Regulation

Thanks to the new European regulation for data protection, the so-call GDPR or General Data Protection Regulation, the  right to be forgot now has method of implementation and a regulation  that expressly identifies its scope and limit.

This is a radical innovation, which lays well-structured foundations, going to cancel that sort of limbo in which the right to be forgot move, which was consider only at the jurisprudential level, with evaluation and judgment express from time to time, as if there was only a similarity and no common rule gdpr diritto all oblio



From a purely technical point of view, the answer is provide by the Court of Cassation which define the right to be forgot as the “just interest of each person not to remain indefinitely expose to the further damage that the repeat publication cause to his honor and reputation. of new legitimately disclose in the past “.

In less high-sounding term, the right to be forgot is the faculty that allows a single individual, who has committed a more or less serious crime in the past, to request that the affair not be re-disclose in the press or that it be remove from the web page.

Public Domain

If a news story from the past can remain anchored in people’s memory, perhaps due to the gravity or the presence of gory details, it is not right that it returns to the public domain especially if those who have blamed themselves have in the meantime paid amply for their mistakes. .

After a reasonable amount of time from the fact, it is possible to ask that it no longer be talk about in the newspaper, just as it is legitimate to request the removal from the web page of article, photograph, video, and of the search result that list the links to get there. to the new page because they are dealt with by several subjects.

Also read: cos’è diritto oblio