This complaint concerned the alleged non-response to an erasure request made by an individual to a prospective employer pursuant to Article 17 of the GDPR.

Following receipt of the complaint, the DPC engaged with the individual and the prospective employer (controller) in order to establish the subject matter of the complaint and to commence with the amicable resolution process. Further to this engagement, the DPC established that the individual had since received a response from the controller. However, the individual informed the DPC that while the controller had erased their personal data, their job application ‘account’ was still active on the controller’s website.

Having established this was the case, the DPC contacted the controller, bringing their attention to the fact that information in relation to the account had not been erased. In their response, the controller acknowledged that the information had not been fully deleted, and advised that this was due to a technical error but that they would comply with the erasure request immediately.

Subsequently, the DPC was updated by the organisation concerned that they had since fully complied with the erasure request by deleting the account. The controller also advised that they had contacted the individual to confirm the action they had taken and apologised for the delay in removing the individual’s login credentials from their systems.