Does all email pertaining to that person need to be deleted if requested by the Data Subject?
No; the company will always be able to justify retention on the grounds that they may need to produce them at a later date for a variety of reasons (as evidence in court or Tribunal, to a regulator, or for dispute resolution). The company must be able to demonstrate that the data is held securely, that it cannot be accessed except by authorised investigators, and that access is audited. The company will always be able to point to vicarious liability issues if the Data Subject argues that these were ‘personal’ emails – whether personal use was permitted by the organisation or not. The only exception might be where a company has allowed personal use of the company email system and provided guarantees to employees that personal email will not be retained.