When to use this template
Use this template when someone requests deletion of personal data, but you cannot delete the data due to a legal obligation. Think of:
- Fiscal retention obligation (7 years for accounting documents)
- Employment law retention obligation (personnel files)
- Legal reporting obligations (e.g. anti-money laundering regulations)
You may only retain the data that you are legally required to keep. Data that you do not need to retain must still be deleted.
The template
Template: deletion refusal
Dear [name],
We have carefully assessed your request for deletion of your personal data.
Unfortunately, we are unable to comply with your request at this time. We are legally required to retain the relevant data on the basis of [legal obligation, e.g. fiscal retention obligation of 7 years under tax legislation].
The data will be automatically deleted upon expiry of the legal retention period on [date].
You have the right to file a complaint with the supervisory authority (the Data Protection Authority in your country).
If you have any further questions, please do not hesitate to contact us.
Kind regards,
[organisation name]
Tips when refusing
- Always mention the specific law that imposes the retention obligation, not just “legal obligation”
- State when the data will be deleted
- If you can delete part of the data, do so and confirm with the deletion confirmation template
- Always point out the right to file a complaint with the supervisory authority
- Save a copy of your response in your request register
auto_awesome Do you know your retention periods?
GDPRWise helps you set the right retention period for each processing activity, so you always know when data should be deleted.