Erasing Personal Data Is the Right of Every Digital Citizen
- Markus Melin, Head of Security Services at Tieto
- 02.02.2017 09:45 am Personal Data
Today, one of the key issues for every organisation is the exponential growth of data. It is an obvious consequence of digitalisation and the Internet of Things: more and more information is in digital format and it can be recorded from all sorts of devices for all kinds of purposes.
We all use a myriad of social applications to interact with our family, friends and service providers. The amount of data being collected is overwhelming. Now, there are clear signs that people are more aware of how their personal data is used.
Tieto did a survey in Sweden and interviewed over 1,000 people on data privacy and how companies use personal data. One key finding that struck my eye was this: 76 per cent of interviewees said they can think of a situation where they would ask a company to erase all data about themselves. I.e. three out of four might use their right to be forgotten, if they find it necessary.
In our digital world people spend a large proportion of their working and leisure time online. This is a reality that requires a new set of rules: the basic rights of 21st century digital citizens, if you will. The right to be forgotten and the possibility to customise one’s digital footprint will be one of them.
From the past we know that making personal data disappear is not a simple question or an easy task.
First, there might be some resistance because of the value of personal data. You might recall incidents where social networking services haven’t been that eager to remove all user information. Luckily for the European consumers, GDPR will change all this: falling short from the demands of new data privacy legislation might lead to a fine of up to 4 per cent of the company’s revenue. The financial risk is so huge that companies will comply, sooner than later.
Second, what part of personal data is erasable is not a straightforward question. There are also other legislation and financial retention requirements. For example, tax authorities or law enforcers still need access to a part of personal data which is not controlled by the individual. To make ends meet, literally hundreds of Finnish and Swedish laws need modification before GPPR comes into effect in May 2018.
Third, getting rid of personal data is not an easy task for organisations. Information is usually stored in several data systems and records. Variations are countless. Also, there might be backup protocols that force deleted information to pop up again.
On January 28th, we are celebrating the International Data Privacy & Protection Day.
It is a good day to pause for a minute to reflect how your company or employer is performing on this front. Are GDPR and the right to be forgotten priorities that your organisation is already working on; or are you just beginning to realise what the very near future will bring along?
Data is at the heart of almost every business. Until now, the objective has been to gather as much information as one possibly can: from now on, you also need to be able to get rid of it.
To learn more on the implications of GDPR, please check our latest white paper.