ClaimForge

GDPR Rights Tool: Exercise Your EU Data Rights in Minutes

Under the General Data Protection Regulation, every EU resident has six enforceable rights over their personal data. This page explains what those rights are, how to act on them, and what to do when companies don't respond.

Your 6 GDPR Rights

Right to Access

Request a copy of all data a company holds on you — free of charge, within 30 days.

Right to Rectification

Ask to correct inaccurate or incomplete personal data without undue delay.

Right to Erasure

Also called the "right to be forgotten." Request deletion of your data under specific conditions.

Right to Portability

Receive your data in a structured, machine-readable format and transfer it to another service.

Right to Restrict

Limit how a company processes your data while a dispute or verification is pending.

Right to Object

Opt out of processing for direct marketing or profiling at any time — no justification needed.

How to Submit a GDPR Deletion Request

The right to erasure under GDPR Article 17 is the most frequently exercised right. Companies must respond within 30 days. Here is the exact process:

1

Find the data controller contact

Check the company's privacy policy or cookie notice for a Data Protection Officer (DPO) email. If none is listed, use their general legal or privacy contact.

2

Write a clear deletion request

Include your full name, the email address on the account, what data you want deleted, and cite GDPR Article 17. You are not required to justify the request.

3

Send and document the date

Email the request directly. Save a copy and record the send date — the 30-day response clock starts immediately upon receipt.

4

Escalate if no response

After 30 days with no reply, file a complaint with your national Data Protection Authority: AEPD (Spain), BfDI (Germany), CNIL (France), ICO (UK).

Account deletion is not the same as data deletion. Closing or deactivating an account does not automatically erase your personal data. Always submit an explicit GDPR Article 17 request to trigger full deletion.

ClaimForge: EU Consumer Rights in Your Browser

ClaimForge is a free Chrome extension that helps EU residents navigate consumer rights — warranty claims, returns, right-to-repair, and GDPR workflows. It walks you through the correct steps and helps you draft the right communication for each situation.

Learn more about ClaimForge →

Frequently Asked Questions

Can a company refuse to delete my data under GDPR?

Yes, in some cases. Companies can refuse if they need the data to comply with a legal obligation, to pursue or defend legal claims, or for public interest purposes. They must explain any refusal in writing within 30 days.

How long does a company have to respond to a GDPR request?

30 days. In complex cases they can extend by another 60 days, but they must notify you of the extension within the initial 30-day window.

Does GDPR apply to companies based outside the EU?

Yes. GDPR applies to any organisation that processes personal data of EU residents, regardless of where the organisation is based. A US company serving EU users must comply.

Is deleting my account the same as deleting my data?

No. Account deletion may deactivate your profile, but companies often retain your data for a defined retention period. Submit an explicit erasure request under GDPR Article 17 to trigger full deletion.

What is the difference between right to erasure and right to portability?

Right to erasure (Article 17) lets you request deletion of your data. Right to portability (Article 20) lets you receive a machine-readable copy and transfer it to another service. You can exercise both — export your data first, then request deletion.