What is included in a Data Erasure Request?

This Data Erasure Request template covers: your details the business’ details details of your ‘right to be forgotten’ which personal data you want to be deleted where the to-be-deleted personal data is held (eg in employment records, billing records or a user activity log) why you are requesting the deletion

What is the right to be forgotten?

The right to be forgotten is your right to have your personal data deleted. There are different reasons why you may want your personal data deleted, including: you have now withdrawn consent for activities relating to your data (eg you agreed to partake in a market research study and later changed your mind) it’s not necessary for the business to continue holding your data for its original purpose (eg a gym no longer needs to keep details on your name, address, age and health conditions after you’ve cancelled your membership) the business has collected or used your data unlawfully For more information, read Making data deletion requests .

What details does a Data Erasure Request need to include?

Your Request should, as a minimum, include: your full name (including any previous names, where relevant) your up-to-date contact details (eg address and telephone number) any details to help the business identify you a statement that you wish to exercise your right of erasure details of the personal data you want to have deleted a request for a response within a specified timeframe (typically one calendar month), in which the business should confirm that they will comply with your Data Erasure Request For more information, read Making data deletion requests .

How long does a business have to respond to my Data Erasure Request?

Businesses generally have to respond within one month . However, they may extend this period (for up to two months) if they need extra time to consider your Data Erasure Request (eg because you have made several Data Erasure Requests). If they need more time, you should be informed (and provided with a reason) within one month. For more information, read Data protection requests .

How will a business respond to a Data Erasure Request?

After receiving your Request, a business should delete your data, unless they refuse to do so because an exemption applies. Examples of exemptions include: it’s necessary to keep your data for reasons such as freedom of expression or information (eg work for journalism, academic, artistic and literary purposes) the data is necessary for legal claims (eg if the data is required to establish, exercise or defend a claim) retention of the data is necessary for reasons of public health When you make a successful Deletion Request (ie one that results in your data being deleted), the business should contact any third parties with which they shared your data, to inform them about your Request. Businesses can only refuse to do this if it would be impossible or would involve a disproportionate effort. If your personal data has been published online (eg social networks and websites) the business has to take reasonable steps to inform those responsible for these sites to erase your personal data. For more information, read Making data deletion requests and Data protection requests .

What if a business doesn’t respond to my Data Erasure Request?

If a business doesn’t respond (or you are dissatisfied with their response), you should contact them directly. If you do not receive a response or remain dissatisfied with the response, you can complain to the Information Commissioner’s Office (ICO) . For more information, read Data protection requests .

MAKE YOUR FREE Data Erasure Request

Other Names: Data Deletion Request Right to be Forgotten Request Personal Data Deletion Request Deletion Request Data Protection Request

What is a Data Erasure Request?

A Data Erasure Request is a written request to a business (or other organisation) asking them to delete the personal data (eg names, contact details or health information) they hold about you. Data Erasure Requests can be made under section 47 of the Data Protection Act 2018.

When should I use a Data Erasure Request?

Use this Data Erasure Request:

to request that a business delete any of your personal data they hold
if you are based in England, Wales or Scotland
if the business is based in England, Wales or Scotland

Rocket Lawyer members have customised over 6.4M documents

Documents and communicates

Complies with relevant laws

Ask a lawyer questions about your document

Sign this document online for free with RocketSign®

To whom it may concern,

Data deletion request

Under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 I have the right to request the deletion of my personal data held by.

I am requesting that you delete all the personal data you hold on me. Specifically, I am requesting that you delete personal data relating to:

I am further requesting that you delete personal data held:

I am requesting that you delete this data because:

Please find below my information which you can use to identify me and the personal data I am requesting you delete, to respond to my request and to keep a record of my request and your response.

Full name:
Address: , ,
Are you a current or former employee of?: I am a employee
Approximate date of employment:

You can find more information and guidance on the Information Commissioner’s Office website (www.ico.org.uk), including:

your obligations under data protection laws
the regulatory powers of the Information Commissioner’s Office and actions they can take in relation to data deletion requests

If you need any more information, please let me know as soon as possible.

Please bear in mind that data protection laws require you to respond to my request for personal data within one calendar month.

If you do not normally deal with data deletion requests, please pass this letter on to your data protection officer or relevant member of staff.

Yours faithfully,

_________________________________

About Data Erasure Requests

Learn more about making your Data Erasure Request

Collapse all

Expand all

How to make a Data Erasure Request
Making a Data Erasure Request online is simple. Just answer a few questions and Rocket Lawyer will build your document for you. When you have all of the details prepared in advance, making your document is a quick and easy process.

To make your Data Erasure Request you will need the following information:

Party details
- The details of the business or organisation that you’re sending the Request to (including its legal structure, name and address).
- Your details (including your name (and any previous names), address, date of birth and contact details).
Personal data
- Which personal data do you want the business to delete?
- Is the personal data being held:
  - In employment records or personnel files?
  - In pension or benefits records?
  - By a specific department? What is the department’s name?
  - In billing records?
  - In user activity logs?
  - In financial statements? What account number do they relate to and what are the dates of the financial statements being requested?
  - In another place and, if so, where?
Employment
- Are you a current or former employee of the business or organisation?
  - If you are a current employee, when did you start working for the business or organisation?
  - If you are a former employee, when did you start and stop working for the business or organisation?
Reason
- Why do you want the business or organisation to delete your personal data?
Letter
- On what date is the Request sent to the business or organisation?
Collapse
Common terms in a Data Erasure Request
Data Erasure Requests are used by data subjects (ie individuals) to ask a business or other organisation to delete the personal data they hold on them. To do this, this Request covers:

An introduction

This sets out your right under the Data Protection Act 2018 and UK General Data Protection Regulation (GDPR) to make a Data Erasure Request and what exactly this entails.

Details of the personal data that is to be deleted

This section sets out your request that the business or organisation should delete the indicated personal data. It also provides details of where the personal data is held.

Details to identify the data subject

This part of the Request sets out the details that can be used by the business or organisation to identify you and the personal data you want deleted. These details include:
- your name (and any previous or other names you are or have been known by)
- your address
- your date of birth
- your telephone number and email address
- whether you are a current or former employee of the business or organisation and your employment start (and, where applicable, end) date
Response to your Data Erasure Request

This section highlights that you are requesting that your Data Erasure Request be handled in the appropriate fashion and within an appropriate time frame. It also reiterates that, under data protection laws, a business or organisation generally has one calendar month to respond to your Request.

If you want your Data Erasure Request to include further or more detailed provisions, you can edit your document. However, if you do this, you may want a lawyer to review or change the Request for you, to make sure it complies with all relevant laws and meets your specific needs. Ask a lawyer for assistance.
Collapse
Legal tips for making a Data Erasure Request
Understand when to provide proof of identity

After a Data Erasure Request is made and sent, the business or organisation may ask you to provide proof of ID. This is done so that they can carry out identity verification for security reasons. If you are asked to provide proof of ID, the one-month time limit for responding to your Request is extended. This means that the time limit does not start until the business or organisation has received your proof of ID. For more information, read Data protection requests.

Be aware that a fee may be charged in some circumstances

Generally speaking, businesses or other organisations should comply with Data Erasure Requests free of charge. However, in some circumstances, a fee may be charged. For example, if the business or organisation believes your request to be manifestly unfounded or excessive. In these cases, a fee can be charged to cover their administrative costs. As with providing proof of ID, the one-month time limit for responding to a Request doesn’t start until after any required fee is paid and received. For more information, read Data protection requests.

Understand when to seek advice from a lawyer

Ask a lawyer if:
- you are making a Data Erasure Request on behalf of someone else
- this document does not cover your legal needs
- the business is based outside of England, Wales and Scotland
- a business does not respond to your Request
Collapse

Data Erasure Request FAQs

Collapse all

Expand all

What is included in a Data Erasure Request?
This Data Erasure Request template covers:
- your details
- the business’ details
- details of your ‘right to be forgotten’
- which personal data you want to be deleted
- where the to-be-deleted personal data is held (eg in employment records, billing records or a user activity log)
- why you are requesting the deletion
What is the right to be forgotten?
The right to be forgotten is your right to have your personal data deleted. There are different reasons why you may want your personal data deleted, including:
- you have now withdrawn consent for activities relating to your data (eg you agreed to partake in a market research study and later changed your mind)
- it’s not necessary for the business to continue holding your data for its original purpose (eg a gym no longer needs to keep details on your name, address, age and health conditions after you’ve cancelled your membership)
- the business has collected or used your data unlawfully
For more information, read Making data deletion requests.
What details does a Data Erasure Request need to include?
Your Request should, as a minimum, include:
- your full name (including any previous names, where relevant)
- your up-to-date contact details (eg address and telephone number)
- any details to help the business identify you
- a statement that you wish to exercise your right of erasure
- details of the personal data you want to have deleted
- a request for a response within a specified timeframe (typically one calendar month), in which the business should confirm that they will comply with your Data Erasure Request
For more information, read Making data deletion requests.
How long does a business have to respond to my Data Erasure Request?

Businesses generally have to respond within one month. However, they may extend this period (for up to two months) if they need extra time to consider your Data Erasure Request (eg because you have made several Data Erasure Requests). If they need more time, you should be informed (and provided with a reason) within one month. For more information, read Data protection requests.
How will a business respond to a Data Erasure Request?
After receiving your Request, a business should delete your data, unless they refuse to do so because an exemption applies. Examples of exemptions include:
- it’s necessary to keep your data for reasons such as freedom of expression or information (eg work for journalism, academic, artistic and literary purposes)
- the data is necessary for legal claims (eg if the data is required to establish, exercise or defend a claim)
- retention of the data is necessary for reasons of public health
When you make a successful Deletion Request (ie one that results in your data being deleted), the business should contact any third parties with which they shared your data, to inform them about your Request. Businesses can only refuse to do this if it would be impossible or would involve a disproportionate effort.

If your personal data has been published online (eg social networks and websites) the business has to take reasonable steps to inform those responsible for these sites to erase your personal data.

For more information, read Making data deletion requests and Data protection requests.
What if a business doesn’t respond to my Data Erasure Request?

If a business doesn’t respond (or you are dissatisfied with their response), you should contact them directly. If you do not receive a response or remain dissatisfied with the response, you can complain to the Information Commissioner’s Office (ICO). For more information, read Data protection requests.

Our quality guarantee

We guarantee our service is safe and secure, and that properly signed Rocket Lawyer documents are legally enforceable under UK laws.

Need help? No problem!

Ask a question for free or get affordable legal advice from our lawyer.

Complete your Data Erasure Request with our Make it Legal™ checklist

Make your document

Create your document by following Rocket Lawyer’s step by step interview process. If you need to edit your answers after creating your document, you can return to the interview to do so. Get started now!
Check

Read your Data Erasure Request to make sure it meets your needs. Read Making data deletion requests for more information. Remember that if you have any questions you can easily Ask a lawyer.
Sign it to make it legal

You can sign your Data Erasure Request by either signing online using RocketSign or in print.
Securely sign online and invite others to sign with RocketSign®
Send your document

Send your Data Erasure Request to the business or organisation in question. Where possible, send it to the relevant person or team.
Store your document

A copy of your Data Erasure Request will be stored automatically in your Rocket Lawyer account ‘Dashboard’. You should also keep proof of any postage or delivery or read receipts and additional documents sent alongside the Data Erasure Request.
Important details
- Send your Data Erasure Request to the relevant team or person (eg a data protection officer (DPO)). Details on contacting the relevant individual or team are usually contained in an organisation’s privacy policy.
- Make sure to keep a copy of the Data Erasure Request for your records, including any ‘read receipts’ if sent by email or, if sent by post, any proof of postage or delivery (eg a postal reference number).
- Make sure to keep a copy of any additional documents sent with your Data Erasure Request and further written correspondence for your records.

MAKE YOUR FREE Data Erasure Request