Summary Final Decision Art 60
No infringement of the GDPR
Date of final decision: 17 December 2019
CSAs: AT, DE-Berlin, DE-Saarland, DE-Bavaria (Private sector), DK, ES, IT, NO, SE, SK
Legal Reference: Lawfulness of the processing (Article 6), Right to erasure (Article 17)
Decision: No infringement of the GDPR
Key words: Right of erasure, Legal obligation, Anti-Money Laundering Directive
Summary of the Decision
Origin of the case
The complainant requested to have his personal data erased, but his request was rejected.
The LSA found that the controller replied to the complainant’s erasure request within a month. In his reply, the controller explained that, in light of his legal obligation under the fourth Anti-Money Laundering Directive, he was obliged to retain the complainant’s personal data for 5 years after the end of the business relationship.
This text has been converted automatically from the PDF available via
using Apache Tika to allow for a better search. This might result in some characters being mangled.
Please see the original file for the official wording at
Please see also EDPB Copyright page