Managing the Right to be Forgotten

  • Updated

The General Data Protection Regulation (GDPR) introduced the right for individuals to have their personal data erased, also known as ‘the right to be forgotten’. This article provides a guide on how to manage such requests within BigChange.


The right to be forgotten may be invoked when a customer refuses consent or fails to give consent over a specified period. Once a request for erasure is received, it must be complied with. The person's contact details are removed and stored in an inaccessible blacklist file, preventing further contact.

Deleting a Contact

To delete a contact, navigate to CRM -> Contacts -> select a contact -> Delete.

delete 1.png

Job cards and notes related to the 'forgotten' person will be anonymised wherever possible. However, certain areas like invoices and purchase orders cannot be anonymised due to legal requirements.

Anonymising a Contact

A contact can also be anonymised by navigating to CRM -> Contacts -> select file -> Edit -> Persons -> select the individual -> Anonymise.




The name, phone number, and email address will appear as blank. If you try to enter that email address and/or phone number, a popup will appear informing you these details are currently blacklisted.


Deleting Web Users and Resources

Web users or engineers can be deleted by navigating to Profile (icon)→ Admin Settings → Web users -> Add-edit -> Select the user -> Delete.

delete user 1.png

Please note, once data is deleted, it can only be restored up to 4 months after the deletion by accessing: Profile (icon)→ Admin Settings → Account → User events → Find the deletion event → Restore. If 4 months have passed, these users will not be able to be recovered. Deleting a web user or resource also removes the link between all elements completed by that individual. If this is not required, you may choose to rename the user, or resource, to something generic.


Managing the right to be forgotten is a crucial aspect of GDPR compliance. BigChange provides tools to delete or anonymise contacts, and delete web users or resources, ensuring your business can effectively respond to such requests.