Should I delete competitor emails from my suppression list if they request it under GDPR?

Email marketer from Email Geeks says to delete the data if there is no business relationship and someone requests deletion, especially considering potential data breaches.

Email marketer from DLA Piper explains that under GDPR, individuals have the right to erasure (the 'right to be forgotten'). This means you must delete their personal data if they request it, provided certain conditions are met. However, a legitimate interest might allow retaining data for suppression purposes to avoid future marketing.

Email marketer from Forbes indicates that under GDPR, companies must be sure that they have explicit consent to do so. This includes making sure you are able to comply with requests to be forgotten.

Email marketer from Clarip Blog shares that the right to be forgotten necessitates the deletion of personal data upon request, but a suppression list, acting under legitimate interest to prevent future unwanted communications, might be a justified exception. Documenting the reason for retention is crucial.

Email marketer from Termly notes that although GDPR grants individuals the right to request data deletion, certain exceptions exist. Maintaining a suppression list to avoid re-contacting those who have unsubscribed might be considered a legitimate interest, but this needs careful consideration and legal advice.

Email marketer from Email Geeks explains that under GDPR, you must honor requests to delete personal information. However, you can implement domain-wide suppression without violating GDPR.

Email marketer from Privacy Forums shares that it is a common practice to delete the data and add the email to a suppression list in order to ensure that they are not emailed again. You should make it clear to the user that this is what you do.

Email marketer from Mailjet says that marketers must comply with all data subject requests, even those related to data deletion. You may be able to demonstrate legitimate interest for maintaining a suppression list as it relates to preventing future mailings. This determination may require legal advice.

Email marketer from EmailOctopus explains that GDPR requires you to honour data deletion requests. While suppression lists are useful, consider whether you truly need to retain the data. Could you anonymize it or use domain-level blocking instead?

Email marketer from Reddit user LegalAdviceEmail explains that a general approach is to always comply with a request to be forgotten, but to technically maintain a 'suppression' record to ensure they are not accidentally added to marketing lists again. You must ensure this is used *only* for suppression.

Email marketer from StackExchange shares that a practical approach is to comply with the erasure request but keep a minimal record (e.g., email address and date of request) on a 'do not contact' list. This balances compliance with the right to be forgotten with the need to avoid future breaches.

Expert from Word to the Wise recommends that the best approach is to comply with erasure requests. However, if you have a legitimate business need to suppress, suppressing at the domain level could be a good compromise, as it is not tied to a specific individual.

Expert from Email Geeks suggests suppressing the entire domain instead of individual email addresses to avoid collecting PII from competitors.

Expert from Spamresource shares that While not specifically addressing competitor emails, spamresource emphasizes the importance of promptly removing addresses that generate bounces or complaints to maintain sender reputation. Treating data deletion requests with similar urgency aligns with best practices.

Expert from Email Geeks emphasizes the lawyer's liability if their advice is ignored and GDPR violations occur.

Expert from Email Geeks suggests following the lawyer's advice, as they are liable. They believe suppressing an address to prevent future emails is a valid exception to the right to be forgotten.

Documentation from European Data Protection Board shares that the Article 29 Working Party has stated that legitimate interest can be a basis for processing data, including maintaining a suppression list, but it must be carefully balanced against the individual’s rights and freedoms. Transparency is key, and the individual should be informed about this processing.

Documentation from Information Commissioner's Office (ICO) details that individuals have the right to have their personal data erased. However, this right is not absolute and applies in specific circumstances. You can refuse if processing is necessary for compliance with a legal obligation or for reasons of public interest.

Documentation from European Union, says that Recital 70 of the GDPR indicates that the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.

Documentation from GDPR.EU says that under the GDPR, data subjects have the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the grounds applies. Article 17 lays out the conditions.