January 27, 2017

Erasing personal data is the right of every digital citizen

Markus Melin

Head of Tieto Security Services, Tieto

Today, one of the key issues for every organisation is the exponential growth of data. It is an obvious consequence of digitalisation and the Internet of Things: a growing amount of information is in a digital format and it can be recorded from all sorts of devices for all kinds of purposes.

We all use a myriad of social applications to interact with our family, friends and service providers. The amount of data being collected is overwhelming. There are more signs than ever, that people are also growingly aware of how how their personal data is used.

The right to be forgotten

Tieto did a survey in Sweden, interviewing over 1,000 people on data privacy and how companies use personal data. One striking key finding was: 76 per cent of interviewees said they can think of a situation where they would ask a company to erase all data concerning them, i.e. three out of four would use their right to be forgotten. 

In our digital world people spend a large proportion of their working and leisure time online. This is a reality that requires a new set of rules: the basic rights of 21st century digital citizens, if you will.These will include the right to be forgotten, and the possibility to customise one’s digital footprint.

Making it disappear

From the past we know that making personal data disappear is not an easy task.

Firstly, there might be some resistance because of the value of personal data. You might recall incidents where social networking services haven’t been that eager to remove all user information. Luckily for European consumers, GDPR will change all this: falling short of the demands of new data privacy legislation might lead to a fine of up to 4 per cent of the company’s revenue. The financial risk is so enormous, that companies will comply. 

Secondly,  what part of personal data is erasable is not a straightforward question. There are legislation and financial retention requirements. For example, tax authorities or law enforcers still need access to a part of personal data which is not controlled by the individual. To make ends meet, hundreds of Finnish and Swedish laws need to be modified before GPPR comes into effect in May 2018.

Thirdly, getting rid of personal data is not easy for organisations. Information is usually stored in several data systems and records. Variations are countless. Also, there might be backup protocols that force deleted information to appear again.

Are you ready for GDPR?

Europe's new data protection rules will become reality in just seven months. It is good to pause for a minute and reflect how your company or employer is prepared for the change.

Are GDPR and the right to be forgotten priorities that your organisation is already working on; or are you just beginning to realise what you'll be facing in the near - possibly even immediate -future?

Data is at the heart of almost every business. Until now, the objective has been to gather as much information as possible: from now on, you also need to be able to delete it. 

To learn more on the implications of GDPR, please check our latest white paper.

Stay up-to-date

Get all the latest blogs sent you now!