You have appropriate methods and procedures in place within your organisation to delete, halt, or stop processing personal information, if required.
Best Practice
You clearly tell the individual what will happen to their information upon an erasure request.
You erase personal information from back-up systems as well as live systems where necessary.
If the personal information is disclosed to others, your organisation contacts each recipient to inform them about the erasure, unless this is impossible or involves disproportionate effort.
If asked to, your organisation tells the individual which third parties have received the personal information.
If personal information has been made public in an online environment, you take reasonable steps to tell other entities that are processing it to erase links to, copies, or replication of that data.
Your organisation recognises the special attention required to action a request for erasure where the processing is or was based on a child’s consent, especially when processing any personal information on the internet.
Accountability Check
Would team members say there are effective processes in place to erase personal information?
Would requesters advise that they were given clear information about the steps your entity took?