OK, so we're a telecoms company and there are a couple of things I'm unsure about: 1) Call records - we keep these for a long time for the purposes of allowing customers to see their records, and also for settlement with our partner telcos (billing, etc). Also, we do get DPA requests from the Police when they think one of our numbers has been involved in fraud, etc. 2) Payment records - our customers can pay by card, direct debit, cash at the bank, bank transfer, etc. We retain this data for very similar reasons to those above. If a customer says they want us to forget them, are we entitled to say "Yes, but we need to hold on to them for X months for the purpose of zzzzzz"? Also, if a customer is identified as being part of a fraud, are they allowed to force us to forget them, so that they can do it again?