
Richard Bristow • 7 years ago

That's the legal view! The operational view is rather more complex. The fact that customers will have significant rights over their information in your database changes the whole dynamic.

In fact, suggesting the information only exists in the database shows a lack of real-world experience; the fact is the data may have proliferated across the organisation and be held in multiple places that may or may not directly connect to the database.

For example, a simple 'Forget me' request will throw up a whole lot of challenges. As the controller you will need to make sure that systems ask the right questions of clients and remove their data when asked to do so.

But where is the data?

Answers on a postcard please; the data flow diagram could well end up resembling Where's Wally.

Challenges such as backup and restore of data could easily include 'forget me' files, which could put a company in breach of GDPR. There are many other examples like 'forget me'. While fines may not be as large as the maximum, they will still be eye-watering.

I wonder if our friends here have actually carried out a GDPR assessment?