LexisNexis Right to Erasure — Delete Your Data Under GDPR
GDPR Gives You the Right to Delete Your LexisNexis Record — We Make It Enforceable
Article 17 of the GDPR gives EU data subjects the right to demand erasure of personal data where there is no longer a legitimate basis for processing. LexisNexis Risk Solutions frequently argues that AML and compliance obligations override this right. We challenge that argument — case by case — and escalate to data protection authorities when LexisNexis does not comply.
The right to erasure is not automatic. But where your data is inaccurate, outdated, or processed without a valid legal basis, it is enforceable.
The Right to Erasure Under GDPR Article 17
Article 17 GDPR requires data controllers to erase personal data without undue delay where one of several conditions applies. The most relevant for LexisNexis disputes: the data is no longer necessary for the purpose it was collected; the data is inaccurate and cannot be rectified; or the data subject objects to processing and there is no overriding legitimate interest. LexisNexis Risk Solutions is a data controller — it cannot claim the status of a neutral intermediary.
When LexisNexis Can Refuse Erasure — and When It Cannot
LexisNexis routinely argues that AML and counter-terrorism financing regulations create a legal obligation to retain data that overrides the erasure right. This argument is not universally valid — it depends on whether the specific data being retained is actually required for a current regulatory obligation.
- Where erasure can be refused: Active AML investigation, ongoing regulatory proceeding, current sanctions designation with a valid legal basis.
- Where erasure should succeed: Resolved matter with no current obligation; inaccurate data with no factual basis; historical PEP status no longer applicable; data based on a media article that has been corrected or retracted.
The Erasure Process
- Subject Access Request: We obtain the data LexisNexis holds about you and the legal basis claimed for processing.
- Legal assessment: We analyse whether the retention basis is valid for your specific circumstances.
- Formal erasure demand: A documented legal request under Article 17. LexisNexis must respond within 30 days.
- Escalation: If refused without adequate justification, we file a complaint with the relevant data protection authority — ICO (UK), BfDI (Germany), CNIL (France), AP (Netherlands), or equivalent.
- Enforcement: Where a regulatory complaint does not resolve the matter, we assess civil action under GDPR Article 82.
Related Services
The right to erasure is one component of a broader LexisNexis dispute strategy. For cases involving AML or KYC failures, see LexisNexis AML dispute under GDPR. Where the data is driving a compliance-based bank account closure, we address both in parallel.
What a LexisNexis Erasure Request Actually Involves
A LexisNexis erasure request is not a complaint form — it is a formal legal demand under GDPR Article 17 or applicable data protection law. It must identify the specific data you are requesting be erased, the legal grounds on which erasure is required, and the consequence of non-compliance (regulatory complaint, civil proceedings under GDPR Article 82). Requests that do not meet this threshold receive generic acknowledgements and no substantive action.
LexisNexis maintains a dedicated data rights team in its EU operations. Our experience is that a properly framed legal demand — submitted to the correct team with the correct legal citations — produces a response within 4 to 6 weeks. Where LexisNexis declines to erase, it must state the specific legal basis for retention. We challenge that basis through the relevant supervisory authority if it does not hold.
After Erasure: Managing Downstream Data
LexisNexis supplies data to subscribing financial institutions, insurers, and regulated businesses. When LexisNexis erases or corrects your record, that change propagates to subscribers at their next database refresh — which may take days to weeks depending on the subscribing institution. In the interim, institutions that have already made decisions (account closures, refused applications) based on the old data will need separate engagement. We advise on institutional follow-up as a standard part of every erasure case.
Where your data has been re-aggregated from LexisNexis into secondary databases, erasure at the primary source does not automatically clear those secondary records. We identify the propagation chain before pursuing erasure, so the result is comprehensive rather than partial.
Frequently Asked Questions
Frequently Asked Questions
Under GDPR, LexisNexis must respond within one calendar month. If the request is complex, they may extend by a further two months with notification. Silence beyond the initial month without a valid reason is itself a violation that can be reported to the data protection authority.
This is a valid defence — but only where a genuine, current legal obligation exists. LexisNexis cannot use a general AML compliance duty as a blanket reason to retain all data indefinitely. We assess the specific obligation claimed and whether it is proportionate to the retention period and data scope.
GDPR applies to the processing of personal data in connection with the activities of an EU-based organisation or the offering of services to individuals in the EU. Citizenship is not the determining factor. If your data was processed by LexisNexis in connection with EU financial institution screening, GDPR may still apply regardless of your residence.