You have appropriate methods and procedures in place within your organisation to delete, halt, or stop processing personal information, if required.
You erase personal information from back-up systems as well as live systems where necessary, and you clearly tell the individual what will happen to their information.
If the personal information is disclosed to others, your organisation contacts each recipient to inform them about the erasure, unless this is impossible or involves disproportionate effort.
If asked to, your organisation tells the individual which third parties have received the personal information.
If personal information has been made public in an online environment, you take reasonable steps to tell other entities that are processing it to erase links to, copies, or replication of that data.
Your organisation recognises the special attention required to action a request for erasure where the processing is or was based on a child’s consent, especially when processing any personal information on the internet.
Would team members say there are effective processes in place to erase personal information?
Would requesters advise that they were given clear information about the steps your entity took?