by motdiem 2193 days ago
My understanding is keeping the deletion requests fulfills a legitimate business interest, so no - I would not delete the request. What we do is we keep those in a separate system, since the user records themselves (in my app, crm, etc) would be removed. That system is also how we "prove" that we executed the deletion requests in a timely manner.
1 comments

This all depends on what the legal basis for you processing personal data is in the first place.

There are several possible legal bases for processing personal data and legitimate interests is one; if legitimate interests wasn't your reason for processing personal data in the first place, then you couldn't rely on it later.

If legitimate interests were the basis for your processing, and a person requested their data be deleted, you have to be able to demonstrate that your legitimate interest overrides their rights. You should probably also demonstrate there aren't other steps you could reasonably take, e.g. partially deleting or anonymising the data.