GDPR article 17: Eradicating personal identifiable information achieving compliance in a hybrid cloud

Miriam Kelly, Eoghan Furey, Juanita Blue

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)

Abstract

On 25th May 2018, the GDPR Article 17, the Right to Erasure ('Right to be Forgotten') came into force making it vital for organisations to understand Personally Identifiable Information (PII) under their control. Where a valid request has been received from a data subject to erase their PII and where the PII contractual period has expired, it is crucial that all PII can be identified, located and deleted. This must be done without undue delay and the organisation must be able to demonstrate 'reasonable measures' were taken. Failure to comply may incur significant fines, not to mention negative impact to reputation. A key change implemented by GDPR was the expansion of the definition of PII; the term no longer refers to a single piece of data, therefore many small organisations don't understand the PII in their possession. Adding complexity to this burden of responsibility, many have become dependent on a hybrid cloud infrastructure as a solution to gaining a competitive advantage. Consequently, the variety of available tools present challenges based on cost and necessary restructuring to instantiate one centralised point. Additionally, many organisations lack resources to undertake this task. This highlights the challenges faced by a small organisation implementing the GDPR Article 17 Right to Erasure within a hybrid cloud storage environment. This paper aims to demonstrate that compliance with GDPR's Article 17 Right to Erasure is achievable in a Hybrid cloud environment. The can be obtained by following a list of best practice recommendations. While, 100 percent retrieval, 100 percent of the time is not possible, this paper illustrates that small organisations running an ad-hoc Hybrid cloud environment can demonstrate that 'reasonable measures' were taken to be Right to Erasure ('Right to be Forgotten') compliant.

Original languageEnglish
Title of host publication30th Irish Signals and Systems Conference, ISSC 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728128009
DOIs
Publication statusPublished - Jun 2019
Event30th Irish Signals and Systems Conference, ISSC 2019 - Maynooth, Ireland
Duration: 17 Jun 201918 Jun 2019

Publication series

Name30th Irish Signals and Systems Conference, ISSC 2019

Conference

Conference30th Irish Signals and Systems Conference, ISSC 2019
Country/TerritoryIreland
CityMaynooth
Period17/06/1918/06/19

Keywords

  • Article 17
  • Compliance
  • GDPR
  • Hybrid Cloud
  • Personally Identifiable information
  • Right To Erasure

Fingerprint

Dive into the research topics of 'GDPR article 17: Eradicating personal identifiable information achieving compliance in a hybrid cloud'. Together they form a unique fingerprint.

Cite this