Posted by Geraldine Hunt on Wed, May 16th, 2018
How can you forget me, when you can't even find me? Strange question? Well, definitely not when we speak in the context of GDPR. By now I’m sure you’re aware of the approaching GDPR May 25th. A key tenet of GDPR is the ‘right to be forgotten’ – so to my earlier question…it’s not possible to forget me (delete all my data) if you can’t even find me!
Extension of rights
The ‘right to erasure’ or ‘right to be forgotten’ is represented in Article 17 of the GDPR.
The GDPR has expanded and developed this 'right to erasure' to include all data held by any organization, whether publicly available or not. Under the GDPR any EU citizen can request all personal information be deleted by an organization:
- Where the data is no longer necessary in relation to the purpose for which it was originally collected
- Where the citizen withdraws consent and there are no legal or other overriding legitimate interest for continuing to hold the data
- Where the data was illegally processed
- When the personal data is processed in relation to the offer of information society services to a child
Burden of proof
The GDPR also flips the burden of proof from the citizen to the 'data controller' i.e. the organization. Previously the data subject/citizen would have to prove they had the right to have their data destroyed.
What this means
The GDPR states that data controllers must communicate with data subjects “in a concise, transparent, intelligible and easily accessible form, using clear and plain language.” Where an EU citizen wants to exercise one of their rights the 'data controller' has to comply “without undue delay” or within a month of the request.
Responding to ‘Right to Erasure requests’
A key feature of ArcTitan our email archiving solution is the ‘privileged & delete user’ feature which helps customers to comply with this ‘Right to be Forgotten’. The Audited delete process regulates the destruction of emails in a controlled manner. Emails can be easily found and deleted.
This is an important element in achieving GDPR compliance. Since Q3 2017 we’ve seen a surge in businesses looking for robust email archiving to meet the demand of the GDPR. FIND OUT MORE at TitanHQ.com/ArcTitan