© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
There is one caveat: when consent is withdrawn, it will usually cover all of the rights to processing, which includes holding the data at all. Fortunately for most installations this shouldn't be a problem because in most cases there's more than just consent for the data being the right to process (provision of a service covers a fair amount too)
The user should be told that their account will be suspended, and reviewed by an administrator - because in some cases, the administrator will need to look at it as if it's a request for deletion as there may not be a lawful basis to hold the data any more. This will be subject to any data retention policies an institution might have, and that's a matter for them.
That said, this is based on the current published advice; the Article 29 Working Party is due to publish some guidance next month on consent and in particular on withdrawal of it. We may need to look again once that is published.