Erasure

The ‘Right to Erasure’, or the ‘Right to be Forgotten’ as it is commonly known, means that a data subject can request for all of their information to be erased from the church systems.  

This person may have previously given their consent for data to be held, but has subsequently withdrawn it and is requesting that their data be erased. This would mean that searching for that person would generate no results or data. 

There are exceptions to this if information is required for archive or historical purposes such as:

• Needing to hold amount and addresses for historical donations or Gift Aid claims
• There is another Data Subject whose data will be affected by the deletion
• The data may be necessary for Child Protection purposes
• You have another lawful basis for processing the data

If this data has been shared by the church with any other parties then they also need to be informed that the data needs to be erased. You will also need to make any consequences of erasure clear to the individual, e.g. that you will not be able to schedule them on a church rota if you cannot hold the necessary data.

It may be quite rare that you get these requests. However if you do then you must act on this request within a reasonable time. There will also be you data retention policy to consider which should be specified within your terms. For example you may have backups of your data and it is not possible to go through each backup and remove all references to a data subject who has requested a right to be forgotten. However your data retention policy should make it clear how long information would be stored. 

The ICO goes into more detail about the Right to Erasure here.