On 18 February 2026, the European Data Protection Board (EDPB) published a report presenting the findings of its coordinated enforcement framework action on the right to erasure under Article 17 of the General Data Protection Regulation (GDPR). The action aimed to assess how effectively individuals can exercise their erasure rights and to evaluate compliance by controllers, including both small and medium-sized enterprises (SMEs) and large technology companies. The findings, drawn from 32 participating data protection authorities, highlight recurring challenges such as insufficient internal procedures, the use of ineffective anonymisation as an alternative to deletion, and difficulties in determining appropriate data retention periods. The report includes recommendations to support controllers in implementing erasure rights and confirms that the EDPB will rely on existing national guidance to promote consistent interpretation across the European Union.
Original source