The General Data Protection Regulation (GDPR) in Europe regulates erasure obligations.
This grew out of the test case that derives from the case Google Spain SL, Google Inc v Agencia
Española de Protección de Datos, Mario Costeja González (2014). This codified the right to erasure
obligations. Personal data must be erased immediately where the data is no longer required for
their original purpose, or where consent has been withdrawn. This includes where the data subject
has objected and there are no legitimate grounds for the processing. The data subject moves from
a passive role in the past to now being an active subject. Their will has a strong impact on the
processing of his/her data. It is especially important, when it comes to the fundamental rights of
data subjects that rights are clearly defined by the Regulations. The main reason for pursuing
these provisions is to protect data subjects in a society where information technology has become
a huge part of everyday life. This article seeks to explain the rights of the individual citizen and
the responsibilities of organisations. The article also explains the difficulties in applying these
principle
