Right to Be Forgotten – What's All the Fuss About?

Right to Be Forgotten – What's All the Fuss About?

Markus Melin

Head of Security Services at Tieto

Views 955

Right to Be Forgotten – What's All the Fuss About?

03.05.2017 11:00 am

The upcoming EU Data Protection Regulation, GDPR, includes the end customer's right to be forgotten.

Basically it strengthens your clients’ right to have their information removed from your systems and databases when they no longer wants it to be used, stored or processed. It is a clear manifestation of a citizens’ power over their digital footprint.

Somebody might ask what is all the fuss about deleting personal information from data systems. What makes it so hard to execute such requests?

Here are four aspects that help share some light to the scope of the reform.

1. Multitude of data systems and networks

Today, companies and organisations have a huge amount of data systems. For example, we at Tieto have about 200 different data systems – or business applications if you will – being used daily to keep the company running.

How do these data systems interact and handle personal information? It can be something like this: personal data comes to the network from system A. It is automatically transmitted to systems B, C and D. Also, the information is manually copied to systems E and F. System C rearranges the information and automatically copies that to systems G and H.

In case a full Identity and Access Management (IAM) system is not implemented throughout the organisation, this can be extremely tricky. Not to mention deleting that information. Or letting the customer know what data does the company have on her/him.

2. Rogue platforms and devices

Welcome to the BYOD culture of 2017.

It is not that uncommon that the personnel take advantage of easy-to-use end user applications if the official tools and applications are found difficult or clumsy to use.

Such rogue platforms might be in use without supervisor's knowledge or without the risk management team's knowledge for sure. If that happens, you don't have a full picture on where personal data is handled.

As GDPR also includes the responsibility to document all internal processes that are part of managing any personal data, every organisation needs to do a thorough analysis of its IT infrastructure after understanding the processes.

3. Backups and log files

Also backup processes and log files can cause difficulties. It is possible that already deleted personal information pops up again from a backup. And in case of interpretation of removal of personal data, it should be taken out from backups and log files. This is – if not totally impossible – hugely expensive for the companies.

So backup and logging processes need to be analysed, personal data stores identified and protected accordingly.

4. Legislative obligations

It's important to note that even though your clients’ rights over their digital information are enforced big time, it doesn't mean they have full mandate over their personal accounts.

There are several requirements for storing personal data that derive from the law. These legal obligations will remain and might demand that at least part of personal data must be kept intact. For example, the bookkeeping law requires you to store transactional data for certain period in-between credit card purchases to make sure you are not forgotten until the transaction is closed, goods are delivered and so on. And one can try and see what happens when asking e.g. state tax authority to “forget” them.

In short, this is the context which every organisation doing business with EU citizens have to adapt to. For sure, it will require a lot of work from many organisations but remember that the cloud has a silver lining: GDPR is a big opportunity to improve your customer experience.

This article originally appeared on perspectives.tieto.com.

Latest blogs

Stephan Wolf the Global LEI Foundation

Digital ID Management: Why the World Needs the LEI

It is the only open, standardized and regulatory-endorsed system capable of establishing digitized trust between all legal entities, everywhere. There is a fundamental principle which often hinders development in the digital economy: trust. How Read more »

Dmytro Volkov CEX.IO

Security Basics: 5 Signs of Phishing

A recent WatchGuard Technologies survey showed that 86% of UK companies expect an increase in cyberattacks in the next 12 months. One big threat in particular is phishing attacks linked to COVID-19, which have recently been gaining Read more »

Keith McGill Equifax UK

COVID-19 Is Shining Spotlight on Fraud and Identity Threats

The current pandemic has forced rapid and wholesale changes to our lifestyles and opened the digital doorway for opportunistic fraudsters, escalating threat levels to new highs. This in turn has accelerated the pace of digital transformation for Read more »

Ian Johnson Marqeta

Why Fraud Doesn’t Have to Be a Fact of Online Life

We are going through very unusual times, with most of the country having lived under state-imposed lockdown in the last few months. Against this backdrop, fraudsters are unfortunately thriving, and we have seen numerous warnings and scams being Read more »

Mario Mantrisi Kneip

PRIIPS: EU stalemate

Last week, the troika of European Supervisory Authorities sent a letter to the European Commission.  The Packaged retail investment and insurance products (PRIIPS) regulation is a piece of EU legislation with troubled origins. Last Read more »

Related Blogs

Daria Afanasyeva UTP Merchant Services Ltd

Cybersecurity – Online payments are getting more secure

Ever since we've been able to buy anything we need with just a click of a button on our laptops or phones, online sales have been consistently increasing each year. Just last year, the total value of UK retail sales was £394 billion, with an average Read more »

Tristan Morgan BT

Cyber security trends for 2020

This has been another busy year in cyber security, with hackers targeting business, governments and major cities across the globe. From a financial services perspective, 2019 witnessed a number of high-profile data breaches, some of the largest to Read more »

Amit Purohit LoginRadius

The Death of Passwords [Infographic]

In the beginning days of the Internet, Users had to remember only few passwords: An email, and a  bank password.But with the rapid development of e-commerce, self-service websites and social media, everyone now has to remember and manage dozens of Read more »

Andre Stoorvogel Rambus

Money20/20 Trends: AI, ‘Everyday Commerce’ and Security

The bright lights of Las Vegas have gone out on Money20/20 for another year. As always, the event brought together the biggest names in payments and provided unprecedented insight into the future of financial services. So, after four days of Read more »

Abdul Naushad PayCommerce

Cyber-security in Cross-Border Payments

As financial institutions make significant investments in cybersecurity technologies and systems, the hacking techniques of those determined to break into those systems and compromise information have become even more sophisticated. From the Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel