by lenlorijn 2197 days ago
It means remove any data that identifies the individual. So saving data that is not identifying is fine, saving a record of there having been a request is also fine, saving identifying data that is part of the request is not fine.

There are also limits placed on this by other laws. For example, tax agencies often require companies to keep sales records for multiple years. A request for deletion doesn't remove all invoices from sales records with their name on them. I imagine there are more examples, but I think it gives a good indication that GDPR is not where the buck always stops.