Right to Be Forgotten – What's All the Fuss About?

Right to Be Forgotten – What's All the Fuss About?

Markus Melin

Head of Security Services at Tieto

Views 937

Right to Be Forgotten – What's All the Fuss About?

03.05.2017 11:00 am

The upcoming EU Data Protection Regulation, GDPR, includes the end customer's right to be forgotten.

Basically it strengthens your clients’ right to have their information removed from your systems and databases when they no longer wants it to be used, stored or processed. It is a clear manifestation of a citizens’ power over their digital footprint.

Somebody might ask what is all the fuss about deleting personal information from data systems. What makes it so hard to execute such requests?

Here are four aspects that help share some light to the scope of the reform.

1. Multitude of data systems and networks

Today, companies and organisations have a huge amount of data systems. For example, we at Tieto have about 200 different data systems – or business applications if you will – being used daily to keep the company running.

How do these data systems interact and handle personal information? It can be something like this: personal data comes to the network from system A. It is automatically transmitted to systems B, C and D. Also, the information is manually copied to systems E and F. System C rearranges the information and automatically copies that to systems G and H.

In case a full Identity and Access Management (IAM) system is not implemented throughout the organisation, this can be extremely tricky. Not to mention deleting that information. Or letting the customer know what data does the company have on her/him.

2. Rogue platforms and devices

Welcome to the BYOD culture of 2017.

It is not that uncommon that the personnel take advantage of easy-to-use end user applications if the official tools and applications are found difficult or clumsy to use.

Such rogue platforms might be in use without supervisor's knowledge or without the risk management team's knowledge for sure. If that happens, you don't have a full picture on where personal data is handled.

As GDPR also includes the responsibility to document all internal processes that are part of managing any personal data, every organisation needs to do a thorough analysis of its IT infrastructure after understanding the processes.

3. Backups and log files

Also backup processes and log files can cause difficulties. It is possible that already deleted personal information pops up again from a backup. And in case of interpretation of removal of personal data, it should be taken out from backups and log files. This is – if not totally impossible – hugely expensive for the companies.

So backup and logging processes need to be analysed, personal data stores identified and protected accordingly.

4. Legislative obligations

It's important to note that even though your clients’ rights over their digital information are enforced big time, it doesn't mean they have full mandate over their personal accounts.

There are several requirements for storing personal data that derive from the law. These legal obligations will remain and might demand that at least part of personal data must be kept intact. For example, the bookkeeping law requires you to store transactional data for certain period in-between credit card purchases to make sure you are not forgotten until the transaction is closed, goods are delivered and so on. And one can try and see what happens when asking e.g. state tax authority to “forget” them.

In short, this is the context which every organisation doing business with EU citizens have to adapt to. For sure, it will require a lot of work from many organisations but remember that the cloud has a silver lining: GDPR is a big opportunity to improve your customer experience.

This article originally appeared on perspectives.tieto.com.

Latest blogs

N/A ReliaMax

College Dreams? Here’s How to Get Accepted

Higher education in the United States is not just about getting accepted, it is about where you get accepted. Sure, there are options, there are seemingly endless options - from community colleges to Ivy League schools and everything in between. The Read more »

Bobby Gill GCWealth

Bobby Gill: 3 Ways Fintech is Helping Small Businesses During the Pandemic

Image Source: Pixabay. Back in April, the US oil prices sank to a 20-year low. In the UK, road traffic levels hit a 70-year low. Worldwide, due to lockdown, retail, travel, and restaurant bookings have dropped by 85%. More than 430 million Read more »

Christa Ardley Bitstocks

Bitcoin and blockchain without the b******t

An industry once viewed by the general populace as a haven for criminals and online scammers, and still somewhat marred by fractious in-fighting, Bitcoin and blockchain are gradually casting off their outdated negative reputation; as the focus Read more »

Otabek Nuritdinov Safenetpay

Beyond Payments Services

    Why it really matters for small for medium-sized enterprise (SMEs) to choose the right payments services provider. Strategic planners in the financial services sector often define their business in terms of products that Read more »

Chak Kolli DXC Technology

How Can Insurers Realise the True Value of AI?

As Artificial Intelligence (AI) and digital transformation find their way into every aspect of our daily lives, we are gradually seeing changes taking place in different sectors. Progressively, AI is permeating the insurance value chain and it is Read more »

Related Blogs

Tristan Morgan BT

Cyber security trends for 2020

This has been another busy year in cyber security, with hackers targeting business, governments and major cities across the globe. From a financial services perspective, 2019 witnessed a number of high-profile data breaches, some of the largest to Read more »

Amit Purohit LoginRadius

The Death of Passwords [Infographic]

In the beginning days of the Internet, Users had to remember only few passwords: An email, and a  bank password.But with the rapid development of e-commerce, self-service websites and social media, everyone now has to remember and manage dozens of Read more »

Andre Stoorvogel Rambus

Money20/20 Trends: AI, ‘Everyday Commerce’ and Security

The bright lights of Las Vegas have gone out on Money20/20 for another year. As always, the event brought together the biggest names in payments and provided unprecedented insight into the future of financial services. So, after four days of Read more »

Abdul Naushad PayCommerce

Cyber-security in Cross-Border Payments

As financial institutions make significant investments in cybersecurity technologies and systems, the hacking techniques of those determined to break into those systems and compromise information have become even more sophisticated. From the Read more »

Timo Ahomäki Tieto

WannaCry – What Was Old is New Again

Last Friday, the world saw an outbreak of one of the most extensive malware breaches in a while. This malware, called variously WannaCrypt0r, WannaCry or WCry, managed to infect tens of thousands of computers globally in the matter of hours. While Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel