Data Protection
The Importance Of The Right To Erasure In Data Protection
By Christine Nyandat
In the digital world, personal data is more than just information- it is a powerful asset that must be protected. Recognizing this, international and national regulations, such as the General Data Protection Regulation( GDPR) in the European Union( EU) and Kenya’ s Data Protection Act, 2019, have been enacted to give individuals greater control over their data.
The Right to Erasure is a fundamental provision in these laws. It allows individuals to request the deletion of their personal data from an organization’ s databases when: the data is no longer necessary for the original purpose of collection; the individual withdraws consent for data processing; the data was unlawfully obtained; or the data is excessive or irrelevant.
For insurance policyholders, this right means that once their insurance policy has expired, been cancelled, or transferred to another provider, they can request their former insurer to erase all personal data that is no longer required for legal or regulatory purposes.
The Right to Be Forgotten( RTBF) under the General Data Protection Regulation( GDPR) and the Right to Erasure under Kenya’ s Data Protection Act, 2019, empower individuals to request the deletion of their personal data when certain conditions are met. While both frameworks enable individuals to request deletion of their data, enforcing these rights across complex data ecosystems presents challenges for organizations.
The Right to Erasure is a fundamental element of data protection laws such as the Digital Personal Data Protection( DPDP) Act, allowing individuals to demand data deletion when certain conditions are met. However, implementing complete deletion across complex data ecosystems remains a significant challenge for organizations. The Right to Erasure plays a vital role in ensuring privacy, enhancing user trust, and ensuring compliance with legal requirements.
The GDPR, which came into force on May 25, 2018, introduced strict rules regarding data protection across the EU and beyond. Even though Kenya is not part of the EU, the GDPR has influenced data protection practices worldwide, including in the insurance industry.
Policyholders should be aware that insurers use automated decision-making and profiling based on personal data. However, under data protection laws, individuals have the right to object to automated decision-making and request human intervention in decisions that significantly affect them.
Under Article 17 of the GDPR, data subjects have the right to have their data erased, and businesses must comply unless the data is required for legal reasons, such as fraud prevention or regulatory reporting. The GDPR also regulates profiling- a practice commonly used in the insurance industry to assess risk, set premiums, and detect fraud.
Policyholders should be aware that insurers use automated decision-making and profiling based on personal data.
32 MAL65 / 25 ISSUE