Under Section 12(3) of the DPDP Act 2023, a Data Principal has the right to withdraw consent and request erasure (deletion) of their personal data from a Data Fiduciary's systems. Upon withdrawal of consent, the Data Fiduciary must erase the personal data within a reasonable period unless retention is required by any law in force. In banking, this right intersects with RBI's KYC retention requirements — a bank cannot erase KYC data during the mandatory retention period even if the customer requests it. The right to erasure also does not apply to data processed under "deemed consent" provisions (Section 7) or for compliance with legal obligations.
Need Expert Advice on Right to Erasure?
For specific advice on how Right to Erasure applies to your debt recovery matter, consult Advocate Subodh Bajpai — LLM, MBA (XLRI Jamshedpur). 8+ years of exclusive banking and debt recovery practice across DRT, SARFAESI, IBC, and NI Act.
Defined by Advocate Subodh Bajpai, Senior Partner, Unified Chambers and Associates