Sunday, 7 May 2017

Is your company ready for GDPR ?

What is it ?

Put simply it is a set of new policies adding to the current Data Protection Laws in the EU.

Companies will be required to respect "the right to be forgotten". This means that you must be fully in control of your data in such a way that all digital traces pertaining to any individual must be fully deleted should the request be made.

Whats is in scope ?

Basically all of your data must be cleansed of any identifying data if requested.  This will include all past and present data including archives and backups.

What if I dont comply with a request ?

Penalties will be imposed of up to 4 percent of worldwide turnover.

How should this be implemented ?

You will need to be able to demonstrate a process which is implemented and fully documented which complies with each request.

What problems need to be overcome ?

The biggest issue is knowing your data.  In other words having fully indexed data and systems which will ensure this can be conducted in a thorough and effective manner.

When does it come into effect ?

May 2018

Tech-2 question......

If a request is made by an individual to "be forgotten" then presumably there should also be no record of the request itself being made.  This surely would make it very difficult to prove that the request was ever received and implemented.  A more thorough understanding of this type of question needs to be investigated.

More information...

For more information visit

No comments:

Post a Comment

Email Retention Policies

Many companies have little to no email retention policies in place.  The idea here is to ensure that if a business related email is required...