It’s months past when the EU’s General Data Privacy Regulations (GDPR) went into effect, and many are wondering, “Where are we now?”
Among the many aspects of the GDPR talked about at today’s Infosecurity North America conference, Nashira Layade, SVP, CISO at Realogy Holdings Corp., and Elena Elkina, partner at Aleada Consulting, spent a bit of time focusing on data-subject requests.
In particular, one of the three types of data-subject requests is the right to be forgotten, which in itself can be tricky, Layade said. “Understanding where the data is will help you with data-subject requests, but the right-to-be-forgotten request means that you also have to look at the requirements on how long you are supposed to hold onto that data. Always check with your legal team to make sure you are complying with all of the regulations.”
It’s also key to understand the 30-day-response requirement.