No clear process for erasure requests (Art. 17) (risk flag)
Max: EUR 20M / 4% turnover
We verify this via Violation ID: nl-gdpr-right-erasure-not-supported
Forensic Hub
Technical annex
Right to be forgotten audit
Compact lexicon page for GDPR erasure readiness, workflow evidence, and SLA risk.
Document ref
LEX-GDPR-RTBF-2026
Legal basis
GDPR Art. 17 and operational deletion evidence
Audit status
VERIFIED BY COMPLIANCE-NU
right to be forgotten NLGDPR erasure request audit
Scare trigger
Unresolved erasure requests are a high-confidence signal of rights-handling non-conformance.
Injected violations
Under this legal framework, these technical failure patterns are repeatedly observed.
No clear DSAR channel (data subject rights contact) (risk flag)
Max: EUR 20M / 4% turnover
We verify this via Violation ID: nl-gdpr-rights-no-dsar-channel
Calculated risk snippet
Rights handling exposure model
Maximum = max(fixed ceiling, turnover percentage).
Indicative max exposure
€10M
Audit scope
Validate intake, identity checks, due dates, and proof that deletion propagated across linked systems.
Without systematic closure logs, complaints quickly turn into evidence gaps.
Master index