MBF Knowledge Base

Are all MTAs responsible for being able to search and destroy any and all information about any message that passed through their system and might have ended up as a part of a  backup if a person wants to exercise their right to be forgotten? Also, how do they even know if they're involved in such a thing?

Yes partially. It is the data controller's responsibly to receive the Subject Access Requests (SAR) and ensure that any third parties they use to process the data can be asked to remove this from their systems also. As for knowing that they are involved, the data controller will contact them.


To minimize your risk and ensure your compliance click here