The right to be forgotten as an element of the personal data protection system in the organisation

Introduction/background: The protection of personal data, as the protection of information on natural persons by entities which hold it, is currently a topic of considerable interest. Proper protection of personal data is closely related to the way the organisation is managed. Lack of management awareness of the dangers of inappropriate procedures in this respect can lead to abuse and even crime, e.g. identity theft. In the light of doubts as to whether to rely on existing solutions or build a system from scratch, there are many research problems in this area. Aim of the paper: The cognitive goal of this article is to analyse the basics of building a system of personal data protection in the scope of creating new internal regulations and to indicate the role of the Data Protection Officer, while the utilitarian goal is to analyse the case of a request to erase the processed data. Materials and methods: A selected organisation was studied, where a process map with a detailed description of actions was drawn up on the basis of participant observation and direct interviews. Results and conclusions: The conclusions indicate that the Data Protection Officer may perform the function of a person responsible for the system. However, their activities must be supported by information obtained from within the organisation. Therefore, it is important to involve the highest management in the development of the personal data protection system. The foundations for creating a procedure to handle the request for erasure of personal data were also indicated.