Data deletion & right to be forgotten

Why is data deletion important?

What are the legal obligations of a company when it comes to data deletion?

  • Right to know what information the company has about them.
  • Right to ask the company to delete any personal information they have.

What is realistically possible in a complex, evolving organization?

  • Identifying data sources. This problem is especially big in startups.
  • Streamlining the data model. Customer data should be treated and managed as master data. A lot of companies do not do this.
  • Don’t use personally identifiable information (PII) such as phone number or email address as your primary key.
  • Ensure you always use structured data sets.
  • Use proper naming conventions for columns and variables.
  • Have processes to avoid internal data leaks.

Can we use tools to help implement the above suggestions?

How can you say that you have realistically implemented delete?

  • Collect the data you need. Keep this as minimal as possible.
  • Unless required by compliance, do not retain data. Any data you retain is a liability.
  • Anonymize PII in data sources.
  • Guard your communication channels and maintain a list of users who want to be forgotten.

Conclusion

About Shaik Idris

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store