Expert Advice Community

GDPR - the right for erasure

Guest user Created:   Oct 08, 2018 Last commented:   Oct 08, 2018

Some of our private customers, those who install our free app, do not register with their names and personal details, but only with a cell phone number.

Expert
Andrei Hanganu Oct 08, 2018

1. Is such a customer considered anonymous?
2. In case of a deletion request - does the phone number need to be deleted?
3. What about activity logs and CDRs where the phone number appears?
4. As for our paying customers - we have their personal details on receipts, do we need to "anonymize" those details from receipts in case of such a request?

Answers:

1. Based on the definition provided in art. 4 of the EU GDPR, personal data “means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (https://advisera.com/eugdpracademy/gdpr/definitions/). As you can see, an identification number such as a telephone number is considered personal data and not anonymous data; thus it falls under the provisions of the EU GDPR.

2. Yes, if you receive a request for deletion you need to delete the phone numbers.
You do not need to comply with such requests if the processing you are performing is:
- necessary for rights of freedom of expression or information;
- for compliance with a legal obligation under Union or Member State law;
- in the public interest or carried out by an official authority;
- for public interest in the area of public health;
- for archiving or research; or
- for legal claims.

3. Activity logs and CDRs, as long as they can be associated with a specific user, also fall under the EU GDPR unless you can strip them of any identifiable data.

4. Payment details are usually required to be kept for longer periods of time (between 5 and 15 years depending on the jurisdiction), so you actually are required by law to keep those even if the data subject requires their deletion.

To learn more about data subject rights check out our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/)
