The Right to be Forgotten (RTBF), aka the right to deletion or erasure, provides individuals the rights for the removal/deletion of their personal and sensitive data from an organization’s systems. Both GDPR and CCPA provide individuals the right for data erasure/deletion. However, these regulations differ in their requirements. Both have exemptions to RTBF primarily if the information is still needed to fulfil a transaction or other critical business and/or operation function.
Article 17 of the GDPR (Right to Erasure, aka Right to be Forgotten) provides specific causes that enable an individual to request information deletion. In summary, if an individual withdraws consent, or if the information no longer has a business purpose, or if the information has been used illegally, then individuals have the right for the company to erase the information.
CCPA also provides the right to delete personal data and in addition, data related to a specific household. And CCPA provides more flexibility for individuals as they can request deletion for any reason.