Article 18 of the GDPR covers the Right to erasure, which the ICO describes as follows:
"Individuals have a right to 'block' or suppress processing of personal data. When processing is restricted, you are permitted to store the personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in future."
The right to restrict processing falls back into how consent is managed within your system. The ability for an individual to restrict processing is an alternative to requesting their data to be purged. If someone requests their data to be purged, there's a chance that at some point in the future a new record will be created in your system for that individual. The option to restrict processing gives individuals a way to protect themselves against such situations. Data subjects can withdraw their consent for any messaging related processing but allow for their contact record to be stored in the system in order to ensure that their restricted preferences are respected.
What you could do to be compliant:
A granular approach to managing consents will ensure that you are compliant with this right.
An alternative to relying on just consent fields could be setting up dedicated forms for Processing Restriction Requests. Alternatively, you could follow a similar process to the one used for managing purge requests as outlined here. At this stage, the ICO has limited guidance on ways to manage such procedures, but we will be updating this article as more information on this topic is published by the ICO.
Any questions? Feel free to start a live chat with a member of our support team or explore the rest of our academy at your leisure.