Right to Erasure
A data-subject privacy right, prominent in the EU GDPR and sometimes called the "right to be forgotten," to have an organization delete personal data about them once it is no longer lawfully needed.
The right to erasure is a privacy entitlement, most fully expressed in the EU’s GDPR and echoed in many newer privacy laws, that lets an individual ask an organization to delete personal data it holds about them. The duty to comply is conditional, not absolute: erasure generally applies when the data is no longer needed for its original purpose, consent is withdrawn, or processing was unlawful — but it yields where another legal basis to retain exists.
This matters in recordkeeping because erasure requests collide with retention obligations. A request cannot override a binding retention schedule, a statutory keeping requirement, or a litigation hold, and honoring one despite such a duty can amount to unlawful destruction. The practical answer is a defensible retention schedule and disciplined disposition, so personal data is purged routinely once it is no longer required, leaving fewer conflicts to litigate. For example, a former customer may demand deletion of their file, but if active legal proceedings require the records, the hold prevails until it lifts. Redaction or de-identification can sometimes satisfy the request without destroying the underlying record.