GDPR Right to Erasure: Data Deletion Confirmation Templates
We hope that our collection of response templates for data deletion requests will assist you in the process of dealing with DSR requests.
Disclaimer: the following templates and text are not to be used for any legal purposes and were not created by legal professionals. If you decide to use any of the forthcoming text, you will be doing so on your sole responsibility.
If you are looking for a long-term solution for handling privacy requests, check out the Mine PrivacyOps. We developed a set of tools to help companies efficiently and automatically deal with privacy requests by using smart rules and automated responses.
Key Takeaways
- What It’s About: The GDPR gives people in the EU the “right to be forgotten,” meaning they can ask organizations to delete their personal data.
- Templates Provided: The article shares four ready-to-use email templates for handling data deletion requests: confirmation of receipt, confirmation of deletion, rejection of request, and cancellation due to no response.
- Why Requests Might Be Rejected: Common reasons include no data found, legal obligations to retain data, or the requester not being covered under GDPR or CCPA.
- How to Save Time: Mine PrivacyOps can help automate and streamline how organizations manage data subject requests.
Response Template: Data Deletion Acknowledgment Receipt
Hello <hl>[name]<hl>,
Thank you for contacting <hl>[organization]<hl>.
We hereby confirm that we have received your deletion request and are currently looking into fulfilling your request.
We are processing your request and will be updating you at our earliest convenience.
Thank you,
<hl>[name/organization]<hl>
Response Template: Data Deletion Confirmation
Hello <hl>[name]<hl>,
Following your request for data deletion, we would like to confirm that your personal data has been effectively and completely deleted from our systems. All of our service providers were directed to do so as well. Each has confirmed that your data has been erased.
We hope to see you again in the future!
Thank you,
<hl>[name/organization]<hl>
Response Template: Data Deletion Rejection
Hello <hl>[name]<hl>,
Thanks for contacting us. Unfortunately, we cannot process your request at this time.
Possible reasons for this include:
- We were unable to find any records associated with the email address provided on our system.
- The right to erase conflicts with other legal statutory or contractual record retention periods, such as, financial laws and regulations that require us to maintain customer information for a period of time.
- Based on your country of residence associated with the email address provided, your request is not within the scope of the European Union GDPR or the California Consumer Privacy Act.
Thank you,
<hl>[name/organization]<hl>
Response Remplate: Data Deletion Process Cancelation
Hello <hl>[name]<hl>,
Unfortunately, we need to refuse your request as we haven’t heard back from you with the additional information necessary to identify you as a data subject.
As you have not responded to our message, this request will now be closed. If you still wish to proceed with your request, please submit a new one.
If you need help with anything else, please don't hesitate to let me know!
Thank you,
<hl>[name/organization]<hl>
Pro Tip: Bulletproof Your Erasure Workflow with Metadata Logging
- Record legal grounds for refusals under Article 17(3) GDPR (e.g. compliance with legal obligations or public interest) and map each rejection to an internal policy or regulation.
- Track timeline checkpoints (acknowledgment, follow-up, closure) to prove compliance with GDPR’s one-month deadline (extendable to two months under Article 12(3)).
- Log controller vs. processor responsibilities: clarify when the erasure action lies with you vs. a third party and document notification chains under Article 19 GDPR.
- Automate exception tagging: When deletion is denied due to conflict with another law (e.g. tax record retention), link the justification directly to a referenced regulation (e.g. IRS in the US).
Respond to Deletion Requests with Mine PrivacyOps
Mine PrivacyOps offers a smart and automated alternative to manually responding to privacy requests. With our privacy solutions, you will be able to manage all of your organization’s privacy requests processes from one place.
Conclusion
Handling data deletion requests in compliance with GDPR can be complex, but having standardized response templates can streamline the process and ensure respectful and lawful communication with data subjects. While these templates offer a useful starting point, they are not a substitute for legal advice. For organizations seeking an efficient and scalable solution to manage privacy requests, tools like Mine PrivacyOps provide automation, smart rules, and centralized workflows to simplify GDPR compliance.
Learn more about GDPR with these resources: