In addition, there are existing rules on data retention, so a 'right to forget/erasure' request must be implemented in compliance with both sets of rules.
All these complexities will compromise the effectiveness of the ruling, will likely increase the risk of non-compliance for organisations, and could put CISOs under even more pressure. At present there is no precedent for a right or wrong approach to executing such requests, so as yet we can only guess at the repercussions of failing to execute them.
Frankly, the ruling is ambiguous in its guidance on implementation. The EU needs to do a lot more to clarify for organisations and individuals alike how this regulation will work. The intent of the ruling may be honourable, but its technical implementation is ill thought through. The risk of 'whitewash' is significant, and it will prove costly and distracting for businesses unless these issues are ironed out.
Source: Computerworld UK