EU legislation adds pressure on companies to erase data

30 September 2016 by Phil Bridge

The impact of the Snowden scandal has only added to the need for the EU to increase the minimum security expectations for companies’ networks and personal data protection. The big problem is finding a way to manage information in a responsible and effective way. From high-level government information to the credit card details of an Amazon shopper, the digital network is crammed full of confidential data, and its volume and size are growing rapidly each day.

Without question, we’ve entered an epoch defined by Big Data (the term is used to sum up very large, complex, rapidly-changing datasets) and there’s no sign of a slowdown. So much Big Data is produced every second that it’s now tricky to store, manage and harness it for commercial purposes – and it’s not just the size that’s a problem but the type of data that’s being generated.

The challenge of unstructured data

In the past, most traditional data was structured, or stored neatly in databases. This was possible because there wasn’t a worldwide, interconnected network, and information was stored physically in filing cabinets or digitally on computer discs. When the digital age arrived, that arrangement disappeared and an explosion of unstructured data was produced as a result of growing digital interactions.

In addition, the world has seen a proliferation of gadgets, from smartphones to iPads to voice-activated televisions and fridges that can all record and transmit data. Industrial sensors and CCTV cameras also help to produce data so large and complex that a new approach must be taken to store, secure, and – in the case of individual rights – erase the data when a person wants to eliminate it.

How much data is out there?

Nobody can provide an exact figure on the current quantity of global data but some research claims that 90% of all the data in the world today has been created in only the past two years. Experts suggest a figure that adds up to billions of information units each day and the number is even greater now with the addition of more mobile and computer users around the world. 

Without a doubt, the birth of portable devices has been the biggest generator of data. IBM believes over 75% of the information we produce each day is unstructured and mostly coming from mobile phones. The sheer complexity of managing this large volume of data will only increase, as it’s expected the number of mobile-connected devices per capita will reach 1.5 by 2020.

By then, the world will also have downloaded over 268 billion apps, generating revenue of more than £60 billion, making apps one of the most popular computing tools for global users. Research firm Gartner concludes that mobile users will provide personalised data streams to more than 100 apps and services every day.

The accumulation of data and the rise of malware attacks and information leaks have put the spotlight on the importance of good information handling and the need for data protection.

Right to erasure

In response to the challenges of managing Big Data, the EU has introduced new legislation to combat future security threats. Among them is the EU General Data Protection Regulation (GDPR) that will strengthen individuals’ right to erasure and the right to be forgotten. The new legislation went into effect in April of this year and all organisations who are doing business inside or with companies from the EU member states will need to comply with the rules by 25th May 2018.

The GDPR is an important policy that seeks to unify different regulations, like the EU Data Protection Directive 95/46/EC, thereby making it easier for companies to understand their data administration responsibilities. Furthermore, GDPR will also cover important aspects like globalisation or popular technological developments, such as Facebook, Twitter, Google+ and other social media circles. The new legislation will encompass all of the new ways of communicating in the digital age – and the subsequent information that’s generated from our interaction with it.

When this legislation comes into force, companies in both the private and public sectors will need to prove that data is securely erased in line with the new guidelines and show that they are fully accountable for monitoring, reviewing and assessing relevant processing procedures. They will need to show a willingness to minimise data processing and unnecessary retention as well as incorporate safeguards for all data-related activities.

Companies are becoming aware of this new responsibility – especially given the high cost for non-compliance. If companies are caught out, they could face a severe penalty of up to 20 million euros or 4% of their worldwide turnover in the more severe cases. However, many are ill-equipped to deal with the data erasure process. Additionally, they may not fully grasp the risk or effort involved in collecting so much information and the consequences of security breaches.

Image credit: "european-union-flags-olga, olga shulman" (CC BY 2.0) by lednichenkoolga