In 2025, the European Data Protection Board (EDPB) will focus on the implementation of the right to erasure under Art. 17 of the General Data Protection Regulation (GDPR) as part of the Coordinated Enforcement Framework (CEF). This Europe-wide coordinated action is intended to determine how companies and organisations deal with erasure requests, what challenges exist and what best practices have been established.
What does this mean for companies?
The right to erasure is one of the most frequently asserted data protection rights and repeatedly leads to complaints to the supervisory authorities. With the upcoming review under the CEF initiative, companies can expect their data erasure processes to come under increased scrutiny.
Organisations are therefore well advised to review their internal processes relating to the erasure of personal data and ensure that they comply with GDPR requirements. Organisations that have not yet implemented a standardised deletion concept should do so immediately to avoid potential regulatory sanctions.