Comply with the right to be forgotten of the General Data Protection Regulation (GDPR)
The right to erasure, also known as the right to be forgotten, is a key provision of the General Data Protection Regulation (GDPR). It gives individuals the right to request that an organization delete their personal data, and requires organizations to comply with those requests within a specified time frame.
For companies with multiple tools and databases, complying with the right to erasure can be challenging. Here are some of the main challenges they face and some possible solutions.
Challenge 1: Identifying all instances of personal data
One of the first challenges companies face when trying to comply with requests to delete personal data is identifying all the instances of that data across their various tools and databases. Personal data can be stored in a variety of places, including CRM systems, marketing automation platforms, HR databases, and more. In addition, data may be duplicated across systems, making it even harder to identify and delete all instances of it.
Solution: Conduct a data inventory and mapping exercise
To identify all the instances of personal data across their various tools and databases, companies should conduct a data inventory and mapping exercise. This involves cataloging all the data that the company collects and stores, and mapping the flow of that data throughout the organization. With this information, the company can then create a data map that shows where personal data is stored and how it is used.
Challenge 2: Ensuring data is deleted across all systems
Once a company has identified all the instances of personal data across their various tools and databases, the next challenge is ensuring that data is deleted across all systems. This can be particularly challenging if data is stored in different formats or if some systems are not connected to others.
Solution: Implement a data deletion process
To ensure that data is deleted across all systems, companies should implement a data deletion process. This involves creating a standardized process for deleting data, including identifying all the systems where the data is stored, developing a timeline for deleting the data, and tracking the progress of the deletion process. In addition, companies should consider automating the deletion process wherever possible to reduce the risk of errors.
Challenge 3: Balancing the right to erasure with other legal obligations
Finally, companies must balance the right to erasure with other legal obligations, such as retention requirements or legal holds. For example, companies may be required by law to retain certain types of data for a specified period of time, even if an individual requests that it be deleted.
Solution: Develop a legal hold policy
To balance the right to erasure with other legal obligations, companies should develop a legal hold policy. This policy should outline the circumstances under which data must be retained, and the processes for doing so. In addition, the policy should include guidelines for responding to requests to delete data when a legal hold is in place.
Complying with the right to erasure can be challenging for companies with multiple tools and databases. However, by conducting a data inventory and mapping exercise, implementing a data deletion process, and developing a legal hold policy, companies can ensure that they are able to comply with requests to delete personal data while still meeting their other legal obligations.
Posted by Charles
Charles is the co-founder of Otowui and is responsible for marketing strategy and business development. He is a web enthusiast and digital marketing expert, with over 15 years of experience in the field. He enjoys creating unique and personalized user experiences for Otowui customers. He is also a developer and is passionate about the latest technologies to improve the performance and quality of Otowui's products.