The GDPR’s “Right to be Forgotten,” also known as “The Right to Erasure,” has been hyped a great deal over the last couple of years. In fact, the Right to Erasure requires that personal information (PI) be securely deleted when requested by the individual - within 45 days - if no legal reasons require it to be kept, i.e. litigation or regulatory compliance. But what about PI collected or purchased that make up the massive marketing contact lists used for marketing campaigns etc.?
A great deal has been written about the GDPR and CCPA privacy laws, both of which includes a “right to be forgotten.” The right to be forgotten is an idea that was put into practice in the European Union (EU) in May 2018 with the General Data Privacy Regulation (GDPR).
Subscribe to the blog and get instant access to the crucial steps to ensure your cloud-based Office 365 migration goes smoothly.
Various government privacy regulations, including GDPR, CCPA, various state regulations, and the draft federal privacy bill currently in Congress (the Consumer Data Protection Act) all include some form of the right to data erasure, otherwise known as the right to be forgotten. Because the regulations don’t specify the specifics behind the right to data erasure, some are questioning what this right means when considering PI deletion. The purpose behind this particular privacy requirement needs to be better understood as to what the regulatory authority was actually trying to accomplish.