An educational series on the EU’s soon-to-be-implemented General Data Protection Regulation (GDPR)
Over the course of this series, we’ve written quite a bit about the rules that govern company-consumer relationships under GDPR. But what happens when a consumer wants to end their relationship with a company?
Moving forward, EU citizens will hold the “right to be forgotten.” In certain circumstances, consumers will be able to request that companies destroy all records related to them. Having done so, the burden of proof will lie on the company in any instances where records must be stored or maintained to comply with other, superseding regulation.
Even in instances where all data can be destroyed without repercussion, doing so is much easier said than done. Companies with siloed data storage systems, whether by division, language, geography or something else, will have to track down everything related to that customer and prove that it has been erased.
EU citizens right to be forgotten underscores the urgent need for centralization of customer data inside companies along with accurate causation, transition and changed state records to track down every last trace.