Skip to main content

Q4 - What if a company refuses a Data Principal’s request citing “legal necessity”?

Answer
  • Companies can refuse erasure or correction if another law requires them to retain the data.
  • They must provide a clear explanation to the Data Principal about why the request is being denied.
  • The denial can still be challenged before the Board if the individual feels the justification is not genuine.
Example

A bank cannot erase loan records until the statutory retention period under RBI regulations is complete, even if the customer requests deletion.
But the bank must clearly explain this to the customer, instead of simply ignoring the request.