How security needs to deal with the “Right to Erasure” and GDPR mandates


The strong shift toward the Digital Enterprise demands an enhanced degree of security for users, data and applications. From compliance issues to the most advanced cyber threats, current business and technology trends require sophisticated solutions to safeguard enterprises. This has made security the core of all strategy – encompassing Operations, Applications, Identity and Data. By now we’ve all been part of the EU’s General Data Protection Regulation (GDPR) which took effect on May 25, 2018. What makes it significant is the fact that the new regulation requires all businesses that process EU citizens' personal data to take heightened measures to protect their privacy.

The core principle of GDPR hinges on a key concern—accountability. As businesses continue their digital transformations, making greater use of digital assets, services, and big data, they must also be accountable for monitoring and protecting that data on a daily basis. I believe that GDPR mandates are of global interest, as they affect all organizations with business interests in Europe.

GDPR policy affects any organisation that gathers, processes, or stores personal data of any European citizen, regardless of where they reside. More importantly, the mandate defines personal data as any information about an individual, whether it relates to his or her private, professional or public life. This includes detailed information on everything from basic identity information such as name, address and ID numbers, web data such as location, IP address, cookie data and RFID tags, health and genetic data, biometric data, racial or ethnic data, political opinions and sexual orientation.

What I find really interesting is that GDPR also provides EU citizens with the ‘right to erasure’ (also known as the “right to be forgotten”). This means that an individual can ask any business holding their data to erase it upon request, without question. This adds tremendous pressure on organizations when it comes to data security mandates.

Data Security in the New World

Given the explosion of internet transactions and the rapid adoption of technology at a micro level, I think it’s safe to say that we will see more mandates like GDPR in the future. Enterprises will not only need to overhaul business processes to mitigate the risks of violation, they will need to implement advanced data-centric security and encryption solutions.

Organizations will need to proactively secure sensitive data, whether the data is at rest, in use or in motion. Simplified and holistic data security solutions, even for complex use cases, will help Chief Data/Digital Officers (CDOs) navigate the ever-changing landscape of data and asset security and simplify enterprise-wide governance.

How does Blockchain fit in?

Having set the stage with this strong compliance measure, we need to consider technologies that will cause disruptive changes to our current landscape. Blockchain is one of them. Despite contradictions from powerful quarters, cryptocurrency is rapidly gaining momentum.

But here is the twist. Although encryption is fundamental to Blockchain technologies, the fact remains that transactions written on a Blockchain simply cannot be changed, or the data deleted. This conflicts with GDPR’s mandate of right to erasure.

So where do we go from here? In my opinion, the way GDPR is formulated causes some amount of conflict with Blockchain, in that we cannot store data directly on the Blockchain since in GDPR terms ‘it is not erasable’. This is definitely a prohibitive factor in using this technology to its full potential. What could really work is a security solution that enables log collection from any source, including custom in-house applications.

As new mandates and regulations emerge, it is important to realize that disruptive technologies are starting to replace existing siloed solutions. Helping to meet GDPR regulation and maintaining the level of compliance requires security solutions that allow data parsing, instant reporting and everything in between. I feel a broad-level, unified platform, which centralizes essential capabilities, could support several government and organizational mandates.


Gonzalo Usandizaga is the VP & GM, Emerging Markets at Micro Focus. Micro Focus and HPE Software joined to become one of the largest pure-play software companies in the world. Bringing together two leaders in the software industry, Micro Focus is uniquely positioned to help customers maximize existing software investments and embrace innovation in a world of Hybrid IT - from mainframe to mobile to cloud.

