Rob presents a few highlights from the EDPB's latest Coordinated Enforcement Framework report on the "right to erasure".
- Poor storage limitation and retention schedule practices are leading to issues satisfying erasure requests.
- Too many people still conflating anonymisation and pseudonymisation, and thus incorrectly relying on the latter as an erasure method.
- Controllers are failing to delete personal data from backup systems in parallel with live systems.
- There has been overreliance on exemptions without having conducted an appropriate balancing assessment.
Time to start preparing for the next CEF topic: Transparency!