← All articles

Right to erasure for funders: doing it properly

15 June 2026 · The Grantledger team · 2 min read

Funders hold personal data: names, contact details, sometimes sensitive information in applications. With that comes a duty to protect it and, when it is asked of you, to erase it. Doing this properly is not hard, but it does need to be designed in rather than bolted on.

What erasure does and does not mean

The right to erasure lets an individual ask you to delete their personal data when there is no overriding reason to keep it. It is not absolute. You can retain what you genuinely need for legal or accountability reasons, but you should remove what you do not.

In a grant context, that usually means removing an organisation's personal details while keeping the minimum record needed to show a decision was made and money was handled correctly.

The tension with audit trails

Here is the puzzle people get stuck on: you have a tamper-evident audit trail that must not be edited, and you have a duty to erase personal data. Those sound contradictory.

They are not, if you separate the personal data from the fact of the event. The audit trail can record that a decision happened, when, and by whom, without re-stating the applicant's personal details inside every entry. Erasure then removes the personal data from the application record while the integrity of the decision history stays intact.

Do not forget published data

If you publish awards as 360Giving open data, erasure has to reach there too. When you erase an organisation's personal data, your published records should be scrubbed to match, so you are not quietly republishing details someone asked you to remove. Treat the published surface as part of the erasure, not a separate task you might forget.

Make it a button, not a project

In practice, erasure should be a deliberate, audited action: an authorised person erases an organisation's personal data, the application records are cleared, the published open data is reconciled, and the action itself is logged. No spreadsheet archaeology, no hunting through folders.

Grantledger handles erasure this way: it clears the organisation's personal data, scrubs matching published records, and records the erasure in the audit trail, so you meet the duty without breaking the proof. For how the audit side works, see tamper-evident audit trails, explained.

Share