Even prior to the General Data Protection Regulation (GDPR) becomes effective, in May 2018, major businesses have felt the effect of people requesting to be forgotten. This occurs when a person asks for private data being kept to be erased. This was to be projected because of the volume of private data that is collected as a consequence of online interactions, like making a buying from an online collection or using social media.
The Google Instance
It’s only lately that Google has disclosed precisely how many demands it has gotten for search engine outcomes to be erased. The total figure is an unbelievable 2.4 million and the tech genius has abode by 43% of them. Since a ruling by the European Court of Justice in 2014, residents of the EU have had the entitlement to question search engine providers to delete any search results that contained their name.
Given the number of requests this has generated, it will be exciting to see what occurs when the far more strict GDPR laws become effective. According to these laws, the entitlement to be forgotten is reinforced. People residing within the European Union have the permission to ask for any private data being kept and handled to be erased. Organizations and businesses will have to abide by these requests unless there’s a lawfully valid and convincing reason to carry on handling the data.
Getting ready for the Entitlement to be Forgotten
This might be a difficult task for organizations and companies, given that the entitlement relates to all data, including that being handled by a third-party. This is why it’s essential that arrangements are made for the entitlement right to be forgotten, as part of the overall arrangements for the application of GDPR laws. It’s not possible for an organization or business to easily remove information if they don’t know where the information is being kept, and who is accountable for handling and managing it. It’s essential that companies and organizations record this information so that they can cope with requests to be forgotten and abide by GDPR rules.
As with failure to abide by the GDPR as a whole, non-compliance with the entitlement to be forgotten might have grave effects on organizations and companies. The pertinent Data Protection Authority (DPA) has the entitlement to impose penalties of up to 20 million euros or 4% of the yearly transaction, whichever is more, in circumstances where there has been a failure to abide by. This isn’t something that any organization or business can afford to occur.
Apart from the financial effects, companies might also experience damage to their standing, if they are found to be non-compliant. This sort of reputational harm can be extremely difficult to surmount. This is why it’s so vital for companies to audit all of the data they kept, make sure that they have a legal and valid reason for handling it and that they are easily capable to erase it if requested to.