Ask a lawyer if: you are making a data deletion request on behalf of someone else this document does not cover your legal needs the business is based outside of England, Wales or Scotland a business does not respond to your request This data erasure request is governed by the laws of England, Wales and Scotland.

Data Erasure Request | Template & FAQs

Q: How long does a business have to respond to my request?

Businesses generally have to respond within one month. However, they may extend this period (for up to two months) if they need extra time to consider your request (eg if you have made several requests). If they need more time, you should be informed (and provided with a reason) within one month. For more information, read Data protection requests.

How to make a Data erasure request

Under section 47 of the Data Protection Act 2018, you can make data erasure requests (also known as 'data deletion requests’) to businesses (or other organisations), asking them to delete any of your personal data (ie names, contact details or health information). Use this document to make a written data erasure request to a business.

Recently reviewed by Lauren Delin, Solicitor.

This data erasure request was last reviewed on 19 April 2022.

When should I use a data erasure request?

Use this data erasure request template:

to request a business delete any of your personal data they hold
if you are based in England, Wales or Scotland
if the business is based in England, Wales or Scotland

What's included in a data erasure request?

This data deletion request template covers:

your details
the business’ details
details of your ‘right to be forgotten’
what personal data you want to be deleted
where the to-be-deleted personal data is held (eg in employment records, billing records or a user activity log)
why you are requesting the deletion

What is the right to be forgotten?

The right to be forgotten is your right to have your personal data deleted. There are different reasons why you may want your personal data deleted, including:

you have now withdrawn consent for activities relating to your data (eg you agreed to partake in a market research study and later changed your mind)
it’s not necessary for the business to continue keeping your data for its original purpose (eg the gym no longer needs to keep details on your name, address, age and health conditions after you’ve cancelled your membership)
the business has collected or used your data unlawfully

For more information, read Making data deletion requests.

What is a data erasure request?

An erasure request is a written request to a business asking them to delete any of the personal data they hold on you.

What details does a data erasure request need to include?

Your request should, as a minimum, include:

your full name (including any previous names, where relevant)
your up-to-date contact details (eg address and telephone number)
any details to help the business identify you
a statement that you wish to exercise your right of erasure
details of the personal data you want to have deleted
a request for a response within a timeframe (typically one calendar month) confirming that they will comply with your request

For more information, read Making data deletion requests.

How long does a business have to respond to my request?

Businesses generally have to respond within one month. However, they may extend this period (for up to two months) if they need extra time to consider your request (eg if you have made several requests). If they need more time, you should be informed (and provided with a reason) within one month.

For more information, read Data protection requests.

How will a business respond to a data deletion request?

After receiving your request, a business should delete your data, unless they refuse to do so because an exemption applies. Examples of exemptions include:

it’s necessary to keep your data for reasons such as freedom of expression or information (eg work for journalism, academic, artistic and literary purposes)
the data is necessary for legal claims that require establishing, exercising or defending the claims
retention of the data is necessary for reasons of public health

When you make a successful deletion request (ie one that results in your data being deleted), the business should contact any third parties, with which they shared your data, about your data deletion request. This can only be refused if it would be impossible or involve a disproportionate effort.

If your personal data has been published online (eg social networks and websites) the business has to take reasonable steps to inform those responsible for these sites to erase your personal data.

For more information, read Making data deletion requests and Data protection requests.

What if a business doesn’t respond to my request?

If a business doesn’t respond (or you are dissatisfied with their response), you should contact them directly. If you do not receive a response or remain dissatisfied with the response, you can complain to the ICO. For more information, read Data protection requests.

Further advice

Ask a lawyer if:

you are making a data deletion request on behalf of someone else
this document does not cover your legal needs
the business is based outside of England, Wales or Scotland
a business does not respond to your request

This data erasure request is governed by the laws of England, Wales and Scotland.

MAKE YOUR FREE Data erasure request

HOW IT WORKS