The General Data Protection Regulation (GDPR) gives individuals in the European Union a “right to erasure,” sometimes called the “right to be forgotten.” In broad terms, it lets a person ask an organization to delete personal data that concerns them, and it obliges that organization to comply in defined circumstances. For records professionals, the right is deceptively simple on its face but genuinely difficult in practice, because deletion on demand collides with the foundational records management discipline of retaining records for as long as they are needed and disposing of them only on a defensible, documented schedule.
The tension is not that erasure and retention are incompatible. It is that they answer to different logics. Erasure is rights-driven and individual: it responds to a person’s request about their own data. Retention is obligation-driven and organizational: it responds to law, regulation, business need, and accountability. Reconciling the two is largely a matter of recognizing that the right to erasure is conditional, not absolute, and that several of its built-in exceptions are precisely the situations a retention schedule already governs.
What the Right to Erasure Actually Requires
Under the GDPR, an individual can request erasure of their personal data, and the organization (the “controller”) must act when one of several conditions applies. Common triggers include personal data that is no longer necessary for the purpose it was collected for, withdrawal of the consent that the processing relied on, an objection to processing that the controller cannot override, or data that has been unlawfully processed. The principle of storage limitation reinforces this: personal data should not be kept in identifiable form longer than necessary for its stated purpose.
Crucially, the right is qualified. The regulation lists circumstances in which erasure does not apply, even when an individual asks. These include processing necessary to comply with a legal obligation, processing carried out for the performance of a task in the public interest, and retention needed for the establishment, exercise, or defense of legal claims. Each of these is, in effect, a recordkeeping rationale. A retention requirement imposed by another law is the textbook example of a “legal obligation” that can lawfully defeat an erasure request.
Where Retention Law Limits Erasure
Many records exist because some authority requires them to exist. Tax, employment, financial, health, and safety regimes routinely mandate that specific records be kept for fixed periods. Where such a legal retention obligation applies, the organization generally cannot delete the underlying personal data simply because the data subject asked; doing so would breach the other law. The right to erasure yields to the retention mandate for the duration of that mandate.
The practical discipline, then, is to know which data is held under a genuine legal retention obligation, which is held merely out of habit, and which is held for a legitimate but discretionary business purpose. Only the first category reliably overrides an erasure request. Data kept “just in case,” with no documented legal basis or schedule, is exactly the data an erasure request will expose as indefensible. A well-maintained retention schedule is therefore the single most useful tool for answering erasure requests consistently: it tells you, record class by record class, whether a deletion demand must be honored, may be deferred, or must be refused with a stated reason.
Reconciling Erasure With a Retention Schedule
A defensible program treats erasure not as an exception to retention but as one of several disposition triggers feeding the same governed process. Practical measures include:
- Map personal data to record classes. Erasure cannot be operationalized if you do not know where personal data lives, what purpose each holding serves, and which retention rule governs it.
- Document the legal basis for every retention period. When you decline an erasure request, you should be able to cite the obligation or legitimate interest that justifies continued retention, and the date on which that justification expires.
- Distinguish suppression from deletion. Sometimes you must retain a minimal record (for example, a suppression list) precisely so the person is not re-contacted; the GDPR contemplates restriction of processing as an alternative to deletion in defined cases.
- Honor erasure across copies and backups proportionately. Personal data proliferates into backups, logs, and downstream systems; a credible response addresses these in a reasonable, risk-based way rather than ignoring them.
- Pause disposition under legal hold. A pending or anticipated legal claim is both a recognized exception to erasure and a standard reason to suspend routine destruction.
Litigation Holds, Public-Interest Records, and Defensible Disposition
The interaction between erasure and litigation is one place the two regimes align cleanly. Where data is needed to establish, exercise, or defend a legal claim, the GDPR permits its retention, and ordinary records practice already requires suspending destruction once litigation is reasonably anticipated. Erasing data subject to a hold would be indefensible under both frameworks, so the litigation hold simply takes precedence until it is lifted.
Public-interest and archival considerations add nuance. The GDPR makes room for retention for archiving in the public interest, scientific or historical research, and statistical purposes, subject to appropriate safeguards. Records of enduring value are not automatically erasable on request, though they may need additional protections such as minimization or access controls.
Above all, the answer to an erasure request should flow from a documented, repeatable process rather than ad hoc judgment. International standards for records management emphasize that disposition must be authorized, controlled, and evidenced; erasure decisions belong inside that same controlled apparatus, with each action and its justification recorded.
Building a Program That Can Answer Both
Organizations that handle erasure well do not treat it as a privacy-team errand bolted onto an otherwise untouched recordkeeping system. They build a single governance model in which retention schedules, legal-hold processes, and data subject rights all draw on one inventory of personal data and one set of authorized dispositions. In the United States, foundational records management practice flows from National Archives (NARA) guidance and the General Records Schedules, and NARA in 2022 retired its endorsement of the DoD 5015.2 certification in favor of the Universal Electronic Records Management Requirements (developed through the Federal Electronic Records Modernization Initiative), reflecting a broader, capability-based view of what an electronic records system must do, including reliable, auditable disposition.
The lesson for erasure is the same: deletion is only as trustworthy as the system performing it. An organization that can prove, for any piece of personal data, why it is held, how long it must be kept, and how it will eventually be destroyed is equally able to honor a legitimate erasure request and to justify refusing one. For broader context on handling personal data responsibly, see the privacy and PII topic hub.
Sources & further reading
Authoritative government and non-profit references.
- NIST Privacy Framework — NIST
- ISO 15489-1 Records management — ISO
- General Records Schedules — National Archives (NARA)
How to cite this page
APA
RM University Editorial Team. (2026). The GDPR Right to Erasure and Records Retention. Records Management University. https://www.recordsmgmt.org/articles/gdpr-right-to-erasure-and-records-retention/
MLA
RM University Editorial Team. "The GDPR Right to Erasure and Records Retention." Records Management University, 16 June 2026, www.recordsmgmt.org/articles/gdpr-right-to-erasure-and-records-retention/.