Feb 26, 2019
There are a few differences between CCPA and GDPR. CCPA allows 45 days rather than one month; there is a different list of exceptions; and of course, CCPA applies primarily to California residents. But, Leong pointed out, “at their core, they both pose the same fundamental challenge: finding and deleting personal data relating to the data subject. In a sense, these regulations effectively move ownership of data from the enterprise to the individual, which represents a paradigm shift in the way we view data management.”
Yet, consumers aren’t in total control and can’t have their data deleted on a whim. So while organizations bear the responsibility of deleting someone’s personal information, there are some exceptions to when they must do it. For example, said Leong, GDPR makes an exception for data needed for “legitimate interests,” which actually poses a whole new challenge of determining whether data can, in fact, be deleted. “There is a hierarchy of deletion prioritization which must be enforced over legal, compliance, records-keeping and privacy needs,” Leong added. “Sorting out the order of these requirements will cause quite a few headaches itself and represents an even more convincing reason why data must be managed holistically.”
Please visit Security Boulevard to read the full article.