What is the difference between forgetting data and deleting data?

While often used interchangeably, these terms have minor conceptual differences:

Deleting Data: Refers to removing or erasing personal data from systems, databases, and backups. This can involve purging files, clearing databases, or overwriting records so that the data is no longer accessible. Generally speaking, data deletion is a broader term since it is performed for various reasons such as for maintaining systems or at the request of a data subject.

Forgetting Data (Right to Be Forgotten): Refers specifically to the GDPR clause “the Right to Erasure (Article 17)”, also known as the “Right to Be Forgotten”. This right allows data subjects to request that their personal data be erased under certain conditions like when the data is no longer necessary for the original purpose or when the data owner wishes to withdraw consent. It also requires the controller to inform their third-party vendors processing the data to erase links, copies, or replications of the personal data.

To sum it up, data deleting is a routine process specific to organization needs. Forgetting data is slightly different – it is initiated at the request of the data subject and has legal implications that usually involve broader responsibilities for the controller as well as their third-party vendors.