How should a company handle a data subject's request to erase their personal data under GDPR?
hard🧠 Conceptual Q9 of 15
Cybersecurity - Compliance and Governance
A. Ignore the request if it is inconvenient
B. Erase data promptly unless there is a legal reason to retain it
C. Charge a fee to process the erasure request
D. Delete only data that is older than five years
Step-by-Step Solution
Solution:
Step 1: Understand GDPR right to erasure
GDPR grants individuals the right to have their personal data erased promptly unless exceptions apply.
Step 2: Evaluate options
Only "Erase data promptly unless there is a legal reason to retain it" aligns with GDPR's right to erasure, which must be fulfilled without undue delay unless legal grounds require retention. Ignoring requests, charging fees, or limiting erasure by the age of the data all violate GDPR.
Final Answer:
Erase data promptly unless there is a legal reason to retain it -> Option B
Quick Check:
GDPR erasure = Prompt unless legal reason [OK]
Quick Trick: Erase data promptly unless law says keep [OK]
Common Mistakes:
Ignoring erasure requests
Charging fees for erasure
Deleting data based on age only