EDPB Kicks Off 2025 Coordinated Enforcement on the Right to Erasure

Key Takeaways

• EDPB's Focus for 2025: The European Data Protection Board (EDPB) has launched its Coordinated Enforcement Framework (CEF) for 2025, focusing on the right to erasure, also known as the "right to be forgotten" under GDPR.
• 32 DPAs Involved: 32 Data Protection Authorities (DPAs) across Europe will be investigating how organizations handle erasure requests, ensuring compliance with GDPR conditions and exceptions.
• Collaboration Among DPAs: The DPAs will work together throughout the year, sharing findings and insights to strengthen enforcement and improve compliance across Europe.
• Empowering Individuals: The right to erasure is essential for empowering individuals to control their personal data, enhancing privacy, and maintaining trust between organizations and their users.
• Part of a Broader Strategy: The CEF is part of the EDPB's broader strategy (2024-2027) to improve cooperation and enforcement, ensuring data protection is effectively upheld in an increasingly complex digital landscape.

Deep Dive

The European Data Protection Board (EDPB) has launched its Coordinated Enforcement Framework (CEF) action for 2025. This year, the focus shifts to the right to erasure—also known as the “right to be forgotten”—a powerful tool under the General Data Protection Regulation (GDPR) that allows individuals to request the deletion of personal data.

If you’ve ever tried to get rid of something online and been met with confusing terms or ignored altogether, you might already have a sense of why this is such a critical issue. The right to erasure is one of the most frequently exercised rights under the GDPR, which is exactly why it’s becoming the spotlight of the EDPB’s efforts this year. It’s a right that individuals often rely on, and one that data protection authorities (DPAs) regularly hear complaints about. It’s time to make sure that this right is being properly respected—and that’s where the CEF comes in.

So, What’s Happening in 2025?

This year, 32 DPAs from across Europe are gearing up to scrutinize how organizations handle erasure requests. These authorities will reach out to data controllers across various sectors, launching investigations or fact-finding missions. In some cases, further actions will follow if discrepancies or non-compliance are found. The focus here is ensuring that companies not only respect individuals’ requests for data deletion but also correctly apply the necessary conditions and exceptions set out by the GDPR.

And it's not just about checking a box. The DPAs will be working together throughout the year, sharing findings and discussing their progress. The collective insights gathered will be analyzed to provide a fuller picture of how well this critical right is being upheld across Europe. These findings will not only guide national actions but will also help shape future EU-level initiatives aimed at further strengthening data protection.

Why Erasure Can't Be Ignored

The right to erasure isn’t just a technicality—it’s about empowering individuals to regain control of their personal data. With more and more personal information being generated, shared, and stored online, individuals are rightfully demanding that their data be erased when no longer needed. Whether it's to protect privacy or to avoid unnecessary exposure, this right plays a pivotal role in maintaining trust between organizations and the people they serve.

But, as with all things GDPR, there’s a lot more to it than simply clicking "delete." Data controllers need to ensure that they handle erasure requests in a lawful and fair manner, carefully navigating the conditions and exceptions set by the regulation. This isn’t always a simple task, which is why the EDPB’s coordinated approach is so important. It’s about making sure that everyone is on the same page when it comes to one of the most fundamental aspects of data privacy.

A Step Forward for GDPR

The EDPB’s Coordinated Enforcement Framework is part of a broader strategy for 2024-2027 aimed at enhancing cooperation and enforcement among DPAs. It’s a strategy that speaks to the growing need for more efficient and effective regulation in an increasingly complex digital landscape. By fostering collaboration and transparency, the EDPB hopes to ensure that data protection isn’t just a set of abstract principles but a tangible reality for everyone.

As the right to erasure continues to capture attention, it’s clear that the EDPB’s work is far from done. In fact, it’s just beginning. With 2025 marking the start of this focused enforcement, the real work of holding data controllers accountable and ensuring compliance is about to unfold. And for individuals seeking greater control over their personal data, that’s something worth paying attention to.

After all, when it comes to protecting privacy, the right to be forgotten is more than just a legal requirement—it’s a promise that individuals’ data will be treated with the respect it deserves. This coordinated enforcement is just one step closer to making that promise a reality.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.