| |July 20208GDPR AND RIGHT TO BE FORGOTTEN ­ LESSONS FOR INDIA INC IN TIMES OF PANDEMICFor more than 20 years, Milind Borate is setting tones for storage and database technologies. At present, he is engrossed with cloud storage and machine learning for unstructured data and believes in developing new technology solutions.By Milind Borate, CTO, Druvaexpert opinionhe General Data Protection Regulation (GDPR) was published two years ago. At that point in time nobody had foreseen the outbreak of the COVID-19 pandemic. In the face the challenges we tackle today, GDPR is more important than ever before. Afterall, in times of crisis, regulations remind organizations to protect our security and privacy. However, while many of them were already struggling with GDPR compliance, the new working environment has created significant new challenges. But GDPR is an important tool for companies to rebuild a feeling of trust and safety in a new world that is living and will eventually overcome a global public health pandemic. Current conditions, notwithstanding, organizations can protect the privacy of their customers and employees with proper planning and investment. Two years since its genesis, several companies continue to de-pend on manual effort to respond to GDPR requests. The Right of Access and Right to be Forgotten requires them to find and delete information about an employee or customer. However, in a world of SaaS applications, edge comput-ing, and data pipelines, there is no single data repository to search for an individual's data. There is also no centralized tool to search across the data sprawl and instead, legal teams must maintain a list of all data locations and owners for future requests. In this situation, unsurprisingly, each request costs $1,400 and takes anywhere between 14 and 90 days to process, as re-ported by Gartner. Moreover, some companies process only a handful of retrievals; others are inundated with hundreds of thousands of re-quests related to the GDPR. With a sudden shift in several employees working from home, the risk of privacy threat has increased manifold. Much of the official communication which otherwise took in person, is now moved to tools like Slack and Microsoft Teams and, without understanding the implications, are transmitting and storing private information on local laptops. While individuals may be focused on getting their jobs done, the unfortunate side effect is an environment that potentially violates privacy regulations multiple times over. It also makes it incredibly difficult to fulfill a GDPR data request, since the list of possible data locations and owners becomes nearly infinite. What are Immediate Steps? With governments and businesses set to reopen post the lifting of the lockdown, the challenge of data privacy will become more challenging and create a deluge of new personal data. The new call to action on undertaking extensive testing and tracing withing organizations, many of them will hold on to personal data about employees, outside workers, and visiting customers. While this data may be limited to health and interaction telemetry, it may also extend to video analysis. Moreover, data management, whether done by organizations T
< Page 7 | Page 9 >