On May 25th, 2018, the European privacy regulation known as the General Data Protection Regulation (GDPR) will take effect. This regulation concerns the ‘protection of natural persons with regard to the processing of personal data and on the free movement of such data’.
Important parts of the regulation are the rights to access (and correct) personal data that is recorded and stored by organizations. The most profound and fundamental part, however, is the right to have personal data removed, under conditions (the “right to erasure”, Article 17 of the regulation).
Companies that are not compliant with the GDPR risk a substantial fine: a maximum of 20 million euros, or 4% of yearly gross revenue. However, according to research by EY, 33% of global respondents have yet to put a plan in place to achieve compliance. Time to get moving: only three short months remain!
Companies that source their IT-support or systems externally will have to make sure their vendors will be compliant. Even companies that have their own (internal) software development teams face multiple challenges to become compliant. For example, in two earlier blog posts, I researched a number of potential solutions for software applications that use Event Sourcing: here and here.
Are you ready for the GDPR? I’m more than happy to help you make the right choices. I’m not a legal expert, but I can advise you in terms of (software) implementation or tools & technology.
Hi,
thanks for your very informative series of posts about the GDPR.
Do you have any experience with which solution is used in practice and why? I am currently facing the same problems and trying to find the right solution. We talked internally the most about removing the affected data but keeping the events (to make the data anonymous). In some other cases a simple removal of the events is also an option.