Article 17 of the GDPR gives data subjects the right to erasure (right to be forgotten). In essence, once you no longer have a lawful basis to process a Subject's data, you should erase it from your system (and ensure it is erased from the system of any other Data Processors). There are several specific occasions when you should erase a subject's data. These include:
The particular situations where the right to erasure applies are explained in more detail in Recital 65 of the GDPR.
To help developers with this task, Chino.io offers an extremely simple API that ensures compliance with all requirements and eliminates all risks in less than 5 minutes.