GDPR Rights Tool: Exercise Your EU Data Rights in Minutes
Under the General Data Protection Regulation, every EU resident has six enforceable rights over their personal data. This page explains what those rights are, how to act on them, and what to do when companies don't respond.
Your 6 GDPR Rights
Right to Access
Request a copy of all data a company holds on you — free of charge, within 30 days.
Right to Rectification
Ask to correct inaccurate or incomplete personal data without undue delay.
Right to Erasure
Also called the "right to be forgotten." Request deletion of your data under specific conditions.
Right to Portability
Receive your data in a structured, machine-readable format and transfer it to another service.
Right to Restrict
Limit how a company processes your data while a dispute or verification is pending.
Right to Object
Opt out of processing for direct marketing or profiling at any time — no justification needed.
How to Submit a GDPR Deletion Request
The right to erasure under GDPR Article 17 is the most frequently exercised right. Companies must respond within 30 days. Here is the exact process:
Find the data controller contact
Check the company's privacy policy or cookie notice for a Data Protection Officer (DPO) email. If none is listed, use their general legal or privacy contact.
Write a clear deletion request
Include your full name, the email address on the account, what data you want deleted, and cite GDPR Article 17. You are not required to justify the request.
Send and document the date
Email the request directly. Save a copy and record the send date — the 30-day response clock starts immediately upon receipt.
Escalate if no response
After 30 days with no reply, file a complaint with your national Data Protection Authority: AEPD (Spain), BfDI (Germany), CNIL (France), ICO (UK).
Account deletion is not the same as data deletion. Closing or deactivating an account does not automatically erase your personal data. Always submit an explicit GDPR Article 17 request to trigger full deletion.
ClaimForge: EU Consumer Rights in Your Browser
ClaimForge is a free Chrome extension that helps EU residents navigate consumer rights — warranty claims, returns, right-to-repair, and GDPR workflows. It walks you through the correct steps and helps you draft the right communication for each situation.
Learn more about ClaimForge →Frequently Asked Questions
Can a company refuse to delete my data under GDPR?
Yes, in some cases. Companies can refuse if they need the data to comply with a legal obligation, to pursue or defend legal claims, or for public interest purposes. They must explain any refusal in writing within 30 days.
How long does a company have to respond to a GDPR request?
30 days. In complex cases they can extend by another 60 days, but they must notify you of the extension within the initial 30-day window.
Does GDPR apply to companies based outside the EU?
Yes. GDPR applies to any organisation that processes personal data of EU residents, regardless of where the organisation is based. A US company serving EU users must comply.
Is deleting my account the same as deleting my data?
No. Account deletion may deactivate your profile, but companies often retain your data for a defined retention period. Submit an explicit erasure request under GDPR Article 17 to trigger full deletion.
What is the difference between right to erasure and right to portability?
Right to erasure (Article 17) lets you request deletion of your data. Right to portability (Article 20) lets you receive a machine-readable copy and transfer it to another service. You can exercise both — export your data first, then request deletion.