How do You Implement The Right to Be Forgotten?


All of the media coverage today focuses on “The Right to be Forgotten”. But how much of a big deal is that?

Well, actually, unless your data is all in one place it is going to be pretty hard, and there are some interesting anomalies that are going to rear their ugly heads if we aren’t careful.

Practicalities of the Right to be Forgotten.

So of course first we have the scenario where the data is all in one place – isn’t it? Well of course not. Most of the clients I visit have literally thousands of spreadsheets spread across their company like confetti.

As well as the main customer database, there is the list of delegates to the next conference, the subscription list for that product you sold four years ago, which is residing somewhere on Jenny’s computer, and those email addresses you keep in Eloqua to manage the marketing campaigns. So before we start – do you know where all the sources of data are?

Are they forgotten for all time?

Assuming we can track down all the sources, have you considered how you are going to prove that you have deleted them all? Somehow you have to produce an audit trail showing that they have all been deleted.

And just what does the right to be forgotten mean? Presumably you can’t remove someone who is an active customer – someone who you need to deliver your product to next week for instance?

And do you buy in data from outside as prospect lists? Most companies do at some point in their business cycle. So let’s take this scenario.

A bit of a poser.

Let’s say that Mrs Franklin contacts you and asks to be forgotten. So you track down all the information you have on her and, after checking she is not needed for future delivery of products she has already purchased, you proceed to eradicate her – you know – just like they did to Will Smith in “Men in Black”. You produce a report saying where you found her information and at what point it was deleted. Is that it?

Well no – because the GDPR insists that you remove all data that may be held in backups and archives. Well, that’s pretty easy if you just have backup copies of the database. You can probably write a script that will mirror the deletions across all the backup databases. But what about archives – many of our clients have tape or DVD archives. How do you remove one single record from them? I must admit, I’m not sure. I’m not even sure it’s possible. Most data when stored in the cloud or on analogue tapes is stored in blocks. Finding one person in that block and deleting them will be virtually impossible. DVDs too will cause problems – what happens if you need to remove someone from a DVD – what do you do? Do you trash the whole DVD, thereby invalidating your security protocols?

Yes you could use re-writeable DVDs but at what cost?

A change for the future

We will need to look at how all data is stored, making it completely anonymous except for one table – everything else in the company will have to be linked by hash keys. So destroying the main record invalidates all of the communication history and transaction history associated with a client – or does it?

So back to Mrs Franklin. You’ve found her and deleted her from all your main sources. And then the marketing department pop over to Experian and purchase 120,000 new prospect records. And guess what, Ms Franklin is amongst those records.

The biggest problem for companies buying data.

What currently happens is that the data processor – either inside the company or a 3rd party – will de-duplicate the prospect file against all of the current records in the database. And so normally Mrs Franklin would be found and sent back to Experian with a little note saying “Thanks, but Mrs Franklin has told us that she doesn’t want to be contacted by our company”. Experian may then flag that record to say that it should not be sent to your company again and everything is OK.

But now, because of the right to be forgotten, I no longer have any record of Mrs Franklin to suppress the incoming file and so Mrs Franklin is restored to the database. What’s worse is that because she is a new record that you have paid a significant amount of money for, she is going to get mailed or emailed quite soon. She is not going to be happy. But who is at fault?
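The design from “A change for the future” and the re-purchase scenario above, as an added example that is not part of the original post. It assumes the hash key is an HMAC-SHA256 of the normalised email address under a company-held secret; the class, function names and records are all constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

LINK_KEY = b"constructed-demo-key"  # assumption: a secret held by the company

def hash_key(email):
    """Keyed hash of a normalised email, used to link every other table."""
    return hmac.new(LINK_KEY, email.strip().lower().encode(), hashlib.sha256).hexdigest()

class Store:
    def __init__(self):
        self.identity = {}      # hash key -> personal data (the one identifying table)
        self.transactions = []  # (hash key, description): no name or address
        self.audit = []         # erasure log: hash key, source, outcome, timestamp

    def add_customer(self, name, email):
        self.identity[hash_key(email)] = {"name": name, "email": email}

    def add_transaction(self, email, description):
        self.transactions.append((hash_key(email), description))

    def forget(self, email):
        """Delete the identity row and log where and when it was removed."""
        key = hash_key(email)
        removed = self.identity.pop(key, None) is not None
        self.audit.append({"key": key, "source": "identity", "removed": removed,
                           "at": datetime.now(timezone.utc).isoformat()})
        return removed

    def import_prospects(self, prospects):
        """De-duplicate a bought-in file against current identity rows only."""
        added = []
        for name, email in prospects:
            if hash_key(email) not in self.identity:
                self.add_customer(name, email)
                added.append(email)
        return added

    def history_for(self, email):
        return [d for k, d in self.transactions if k == hash_key(email)]

def demo():
    store = Store()
    store.add_customer("Mrs Franklin", "franklin@example.com")  # constructed record
    store.add_transaction("franklin@example.com", "order 1")
    store.forget("franklin@example.com")
    # The purchased file carries the same person, formatted slightly differently.
    readded = store.import_prospects([("Ms Franklin", " Franklin@Example.com ")])
    return store, readded
```

After `demo()`, the purchased record is back in `identity` because nothing was left to de-duplicate against, and `history_for` returns her old order: a hash key that can be recomputed from the email re-links the history as soon as the email reappears.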

And what about the information you can’t get rid of? What about those tapes that you hold for seven years for tax purposes? Yes, they can be anonymised in the future. But what about the data from 2010 which stored address details as well as transactions? How do you keep the taxman happy and honour GDPR?

It’s quite obvious that in the next few years there is going to be a considerable amount of case law to be worked out, most of which is going to cost UK businesses a pretty penny, just like Health & Safety did.

 
