Thread: Mini Mods - [DBTech] GDPR Compliance
View Single Post
Old 18 Jun 2018, 21:48
In Omnibus's Avatar
In Omnibus In Omnibus is offline
Join Date: Apr 2010
Real name: Kris
Originally Posted by Rob Graves View Post
Maybe I am confused, but how can a "data subject" ask to be forgotten when they have not registered? They have no identifiable personal information to be forgotten without registering prior.

The GDPR allows for necessary information to be collected, as long as it is not personal in nature, which, from what I know it cannot be if they are a "guest" and not registered. Article 17 of the GDP states that the right to erasure means in certain circumstances an individual can submit a request to the data controller to have personal information erased or to prevent further processing of that data.

How can they possibly not be registered and ask for personal information, of which there would be none, to be erased?

Our contact link is available to everyone, so maybe I am missing something here.

Please let me know!
Guest IP addresses are logged. IP addresses are considered personal data under the GDPR. So, a guest could visit the site one time and ask for their personal data to be forgotten.
Reply With Quote