Abstract

On 25 May 2018, Article 17 of the General Data Protection Regulation (GDPR), the Right to Erasure (“Right to be Forgotten”), came into force, making it vital for organisations to identify, locate and delete all Personally Identifiable Information (PII) where a valid request is received from a data subject to erase their PII and the contractual period has expired. This must be done without undue delay, and the organisation must be able to demonstrate that reasonable measures were taken. Failure to comply may incur significant fines, not to mention damage to reputation. Many organisations do not understand their data, and the complexity of a hybrid cloud infrastructure means they do not have the resources to undertake this task. The available tools are quite often unsuitable because they involve restructuring so that there is one centralised data repository. This research aims to demonstrate that compliance with GDPR’s Article 17 Right to Erasure (“Right to be Forgotten”) is achievable in a hybrid cloud environment by following a list of recommendations. Full retrieval, all of the time, will not be possible, but we show that small organisations running an ad-hoc hybrid cloud environment can demonstrate that reasonable measures were taken to be Right to Erasure (“Right to be Forgotten”) compliant.

Highlights

  • The new General Data Protection Regulation (GDPR) came into force on 25 May 2018, replacing the existing data protection framework

  • Ireland’s Data Protection Commissioner, Helen Dixon, has publicly stated that GDPR improves the rights for data subjects by awarding them control over their Personally Identifiable Information (PII) [1]

  • We test how best to identify, locate and report PII stored in a variety of data formats and locations within an experimental hybrid cloud environment for a small organisation, and investigate the challenges, with a view to proposing a set of practical guidelines a small organisation can use to demonstrate reasonable measures were taken for Right to Erasure (“Right to Be Forgotten”) compliancy

Summary

Introduction

The new General Data Protection Regulation (GDPR) came into force on 25 May 2018, replacing the existing data protection framework. 27001 Information Security Management System (ISMS), has been properly implemented, whilst this can offer a good starting point for organisations in becoming GDPR, Right to Erasure (“Right to Be Forgotten”) compliant, mistakes can occur if privacy policies and procedures are not enforced. We test how best to identify, locate and report PII stored in a variety of data formats and locations within an experimental hybrid cloud environment for a small organisation, and investigate the challenges, with a view to proposing a set of practical guidelines a small organisation can use to demonstrate reasonable measures were taken for Right to Erasure (“Right to Be Forgotten”) compliancy. The objective is to propose a set of practical guidelines that a small organisation utilizing a hybrid cloud environment can use to demonstrate that reasonable measures were taken to become Right.

General
Cloud Computing
Hybrid Cloud Test-Bed Design
Overview
VMware
Public Cloud Environment
Data Discovery
Testing
Example Scenario
PII Location—A
RESULTS
Structured PII Held in Databases within the Hybrid Cloud
Semi‐Structured PII Held in Various Locations within the Hybrid Cloud
Unstructured PII Held in Various Locations within Hybrid Cloud
Post Implementation
Evaluation
16. Summary
19. Document
Conclusions