← Back to free form templates
GDPR Right to Be Forgotten Request Form
Preview Use this template for free
Legal & Compliance Forms Marketing & Agencies E-commerce Software & SaaS Consulting Healthcare Education Business Human Resources Legal Finance Executive Office Manager HR Manager Manager Lawyer IT Professional Compliance Officer
About this free form template

GDPR Right to Be Forgotten Request Form Template

Under Article 17 of the General Data Protection Regulation (GDPR), individuals have the right to request that organisations erase their personal data under certain circumstances. This Right to Be Forgotten Request Form template provides businesses with a structured, compliant way to receive, verify and process data erasure requests from data subjects across the European Union and beyond.

Why Your Organisation Needs a GDPR Erasure Request Form

If your business collects, processes or stores personal data from individuals in the EU, you're required to provide a clear mechanism for data subjects to exercise their rights under GDPR. A well-designed erasure request form helps you:

  • Demonstrate GDPR compliance by providing an accessible way for individuals to submit Article 17 requests
  • Streamline your data protection workflow with structured information that helps your team process requests efficiently
  • Verify identity and intent before taking irreversible action on personal data
  • Document the request process for regulatory audits and accountability requirements
  • Reduce manual back-and-forth by collecting all necessary information upfront

What Makes This Template GDPR-Compliant

This template has been designed with GDPR Article 17 requirements in mind, including:

  • Identity verification fields to ensure requests are legitimate and protect against fraudulent erasure attempts
  • Reason selection aligned with the six lawful grounds for erasure under Article 17(1)
  • Data category specification so requesters can identify exactly what data they want erased
  • Clear acknowledgment of what erasure means and potential exceptions (such as legal obligations to retain certain records)
  • Confirmation workflow that allows your team to review requests before processing
  • Response timeline acknowledgment informing requesters of the 30-day response period required by GDPR

Who Should Use This Template

This Right to Be Forgotten form is ideal for:

  • SMBs and startups handling EU customer data who need a simple, compliant erasure request process
  • Marketing teams managing subscriber lists and customer databases
  • SaaS companies providing services to European users
  • E-commerce businesses storing customer purchase history and personal information
  • Healthcare and wellness providers (non-HIPAA) managing patient or client records
  • Educational institutions processing student and staff data
  • Professional services firms including consultancies, agencies and legal practices
  • HR departments handling employee data subject requests
  • Data protection officers looking for a standardised intake process

How to Use This Template in Your Organisation

Once you've created your form using this template, you can:

  1. Embed it on your privacy policy page or data protection section of your website
  2. Link to it from your cookie consent banner or privacy notice
  3. Share it directly with individuals who make erasure requests via email or phone
  4. Integrate with your helpdesk or ticketing system to route requests to the right team
  5. Connect to Stepper workflows to automate verification emails, internal approvals and response tracking

Automate Your GDPR Compliance Workflow with Stepper

While this form collects erasure requests, you can use Stepper, Paperform's AI-native workflow builder, to automate what happens next:

  • Send automatic acknowledgment emails confirming receipt of the request within 72 hours
  • Route requests to your data protection officer or compliance team for review
  • Trigger identity verification steps such as sending confirmation links or requesting additional documentation
  • Set up approval workflows before data is permanently erased
  • Update your CRM, database or other systems to flag records for deletion
  • Track the 30-day response deadline and send reminders to your team
  • Generate audit logs documenting when and how erasure requests were handled

This level of automation ensures you meet GDPR timelines consistently while reducing manual administrative work.

Key Features of This Template

  • Personal information collection including name, email and account identifiers
  • Identity verification section to confirm the requester is the legitimate data subject
  • Reason selection dropdown covering all Article 17(1) grounds for erasure
  • Data category checkboxes letting requesters specify what they want deleted (account info, communications, transaction history, etc.)
  • Additional context field for requesters to provide further details
  • Legal acknowledgment informing requesters of potential exceptions and what to expect
  • Consent confirmation ensuring the requester understands the implications of erasure
  • Professional, accessible design that reflects your brand while maintaining clarity

Extend Your Data Protection Compliance

Once you have a Right to Be Forgotten request form in place, consider building out your full GDPR compliance suite with additional Paperform templates:

  • Data Subject Access Requests (DSAR) for individuals requesting copies of their data
  • Data portability requests under Article 20
  • Objection to processing requests under Article 21
  • Consent withdrawal forms for marketing and non-essential processing
  • Data breach notification forms for internal reporting

Why Paperform for GDPR Compliance

Paperform is trusted by over 500,000 teams worldwide and is SOC 2 Type II compliant, offering the security, reliability and data protection features you need:

  • Data residency controls to store data in EU regions
  • GDPR-aligned data processing agreements available
  • Secure form submissions with SSL encryption
  • Conditional logic to show/hide fields based on request type
  • Integration with your existing tools via Stepper, Zapier, webhooks and native connectors
  • Role-based access so only authorised team members can view sensitive requests
  • Custom success pages and emails to communicate next steps clearly

This template gives you the foundation for handling GDPR Article 17 erasure requests professionally and efficiently. Whether you're a small business responding to your first data subject request or a growing organisation looking to standardise your compliance process, this form helps you meet your legal obligations while treating data subjects with respect and transparency.

Get started today and demonstrate your commitment to data privacy and GDPR compliance.

Built for growing businesses, trusted by bigger ones.
Trusted by 500K+ business owners and creators, and hundreds of millions of respondents.
Capterra - 4.8 out of 5 Trustpilot - 4.8 out of 5 G2 - 4.8 out of 5
Try Paperform free now

More templates like this

GDPR Customer Anonymization Request Verification Form

GDPR Customer Anonymization Request Verification Form

A comprehensive GDPR-compliant form for verifying and processing customer data anonymization requests, ensuring technical feasibility and permanent de-identification under EU data protection regulations.

 GDPR Data Breach Assessment Form

GDPR Data Breach Assessment Form

Structured assessment form to evaluate data breaches and determine if notification to supervisory authority is required under GDPR Article 33 within 72 hours.

 GDPR Data Breach Notification Form

GDPR Data Breach Notification Form

A compliant template for notifying data subjects of personal data breaches under GDPR Article 34, documenting the incident, potential consequences, and remediation measures taken by your organization.

 Privacy Notice Update Notification Form

Privacy Notice Update Notification Form

Notify data subjects of privacy policy changes and collect updated consent in compliance with GDPR requirements. Ensure transparent communication and maintain regulatory compliance.

 Data Controller Accountability Documentation Form

Data Controller Accountability Documentation Form

Comprehensive GDPR compliance documentation form for data controllers to record policies, procedures, training records, and audit results demonstrating accountability under EU data protection law.

 GDPR Data Protection Training Completion Form

GDPR Data Protection Training Completion Form

Track employee completion of GDPR data protection training with module progress tracking and knowledge verification quiz to ensure staff understand their compliance obligations.

 GDPR Data Subject Rights Request Tracker

GDPR Data Subject Rights Request Tracker

A comprehensive tracking form for Data Protection Officers to log and monitor GDPR data subject access requests (DSARs), including request type, priority, response times, and compliance metrics for regulatory reporting.

 LGPD Data Consent and Privacy Form

LGPD Data Consent and Privacy Form

Collect compliant LGPD consent from Brazilian data subjects with detailed processing disclosures, granular consent checkboxes, and comprehensive record-keeping for regulatory compliance.

 Customer Data Update Reminder Form

Customer Data Update Reminder Form

A GDPR-compliant form that reminds customers to review and update their personal data, ensuring data accuracy obligations are met while providing a streamlined self-service profile update process.

 Data Controller Change Notification & Consent Form

Data Controller Change Notification & Consent Form

Notify customers of business ownership transfer and obtain consent for data processing continuity under new data controller, with clear opt-out rights per GDPR requirements.

 Data Retention Audit Trail Form

Data Retention Audit Trail Form

Log and track data deletion activities, responsible parties, and compliance with GDPR retention schedules. Maintain a comprehensive audit trail for regulatory oversight and internal accountability.

 GDPR Binding Corporate Rules Application Form

GDPR Binding Corporate Rules Application Form

A comprehensive form for multinational groups to apply for Binding Corporate Rules (BCR) approval, enabling compliant intra-group personal data transfers across borders under GDPR requirements.