TY - GEN
T1 - GDPR article 17
T2 - 30th Irish Signals and Systems Conference, ISSC 2019
AU - Kelly, Miriam
AU - Furey, Eoghan
AU - Blue, Juanita
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/6
Y1 - 2019/6
N2 - On 25th May 2018, the GDPR Article 17, the Right to Erasure ('Right to be Forgotten') came into force making it vital for organisations to understand Personally Identifiable Information (PII) under their control. Where a valid request has been received from a data subject to erase their PII and where the PII contractual period has expired, it is crucial that all PII can be identified, located and deleted. This must be done without undue delay and the organisation must be able to demonstrate 'reasonable measures' were taken. Failure to comply may incur significant fines, not to mention negative impact to reputation. A key change implemented by GDPR was the expansion of the definition of PII; the term no longer refers to a single piece of data, therefore many small organisations don't understand the PII in their possession. Adding complexity to this burden of responsibility, many have become dependent on a hybrid cloud infrastructure as a solution to gaining a competitive advantage. Consequently, the variety of available tools present challenges based on cost and necessary restructuring to instantiate one centralised point. Additionally, many organisations lack resources to undertake this task. This highlights the challenges faced by a small organisation implementing the GDPR Article 17 Right to Erasure within a hybrid cloud storage environment. This paper aims to demonstrate that compliance with GDPR's Article 17 Right to Erasure is achievable in a Hybrid cloud environment. The can be obtained by following a list of best practice recommendations. While, 100 percent retrieval, 100 percent of the time is not possible, this paper illustrates that small organisations running an ad-hoc Hybrid cloud environment can demonstrate that 'reasonable measures' were taken to be Right to Erasure ('Right to be Forgotten') compliant.
AB - On 25th May 2018, the GDPR Article 17, the Right to Erasure ('Right to be Forgotten') came into force making it vital for organisations to understand Personally Identifiable Information (PII) under their control. Where a valid request has been received from a data subject to erase their PII and where the PII contractual period has expired, it is crucial that all PII can be identified, located and deleted. This must be done without undue delay and the organisation must be able to demonstrate 'reasonable measures' were taken. Failure to comply may incur significant fines, not to mention negative impact to reputation. A key change implemented by GDPR was the expansion of the definition of PII; the term no longer refers to a single piece of data, therefore many small organisations don't understand the PII in their possession. Adding complexity to this burden of responsibility, many have become dependent on a hybrid cloud infrastructure as a solution to gaining a competitive advantage. Consequently, the variety of available tools present challenges based on cost and necessary restructuring to instantiate one centralised point. Additionally, many organisations lack resources to undertake this task. This highlights the challenges faced by a small organisation implementing the GDPR Article 17 Right to Erasure within a hybrid cloud storage environment. This paper aims to demonstrate that compliance with GDPR's Article 17 Right to Erasure is achievable in a Hybrid cloud environment. The can be obtained by following a list of best practice recommendations. While, 100 percent retrieval, 100 percent of the time is not possible, this paper illustrates that small organisations running an ad-hoc Hybrid cloud environment can demonstrate that 'reasonable measures' were taken to be Right to Erasure ('Right to be Forgotten') compliant.
KW - Article 17
KW - Compliance
KW - GDPR
KW - Hybrid Cloud
KW - Personally Identifiable information
KW - Right To Erasure
UR - http://www.scopus.com/inward/record.url?scp=85075932181&partnerID=8YFLogxK
U2 - 10.1109/ISSC.2019.8904966
DO - 10.1109/ISSC.2019.8904966
M3 - Conference contribution
AN - SCOPUS:85075932181
T3 - 30th Irish Signals and Systems Conference, ISSC 2019
BT - 30th Irish Signals and Systems Conference, ISSC 2019
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 17 June 2019 through 18 June 2019
ER -