Skip to main content

Allow erasure requests

Requirement#

The system must allow its users to request erasure of collected data belonging to them.

Description#

Systems usually request information from their users, obtain it from third parties or collect it based on their interactions with the application. They should have a mechanism that allows users to request the erasure of this information and guarantees its complete deletion. Furthermore, the erasure should also occur if the user decides to revoke their consent.

Exceptions#

  1. If the system is able to demonstrate that it is not possible to individually identify the users based on the information collected from them, this requirement is not applicable.

References#