EU Court of Justice gives regulators a big eraser
The Court of Justice of the EU (CJEU) just ruled GDPR grants regulators power to require any data controllers caught unlawfully processing data to erase such data. This is in addition to the data controllers having to respond to data subjects’ requests to have their data released.