We all remember those classes that explained so much biology and so little of what we really needed to know when faced with the real thing. We all just closed our eyes and hoped for the best… The GDPR is no different.
The GDPR’s “Right to be Forgotten,” also known as “The Right to Erasure,” has been hyped a great deal over the last couple of years. In fact, the Right to Erasure requires that personal information (PI) be securely deleted when requested by the individual - within 45 days - if no legal reasons require it to be kept, i.e. litigation or regulatory compliance. But what about PI collected or purchased that make up the massive marketing contact lists used for marketing campaigns etc.?
Subscribe to the blog and get instant access to the crucial steps to ensure your cloud-based Office 365 migration goes smoothly.
As more companies move their data to the cloud, the question of data sovereignty is becoming a hotter topic. Data sovereignty is the requirement that digital data is subject to the laws of the country in which it is collected or processed. Many countries have requirements that data collected domestically must stay in that country. They argue that it’s in the Government’s interest to protect their citizen's personal information against any misuse.
A great deal has been written about the GDPR and CCPA privacy laws, both of which includes a “right to be forgotten.” The right to be forgotten is an idea that was put into practice in the European Union (EU) in May 2018 with the General Data Privacy Regulation (GDPR).
Various government privacy regulations, including GDPR, CCPA, various state regulations, and the draft federal privacy bill currently in Congress (the Consumer Data Protection Act) all include some form of the right to data erasure, otherwise known as the right to be forgotten. Because the regulations don’t specify the specifics behind the right to data erasure, some are questioning what this right means when considering PI deletion. The purpose behind this particular privacy requirement needs to be better understood as to what the regulatory authority was actually trying to accomplish.