Extract from Michael Donev, Esq.’s article “The Cost to Forget”
As the GDPR’s enforcement date is coming closer, companies around the world working with personal information of individuals in the EU are under pressure to bring their data protection practices to compliance levels. With respect to the rights of individuals granted by the Regulation, the forthcoming costs and the need for workforce allocation will certainly add a heavy burden to organization’s budgets and create greater risks of possible non-compliance. Although, this will depend on the size and the amount of personal information an organization processes, in the case of the Right to Erasure – or also known as the “Right to be Forgotten” – the GDPR requires that controller must erase the requested data in its entirety without undue delay.
Now imagine, if a company receives a few hundred of those requests…or a few thousand! The pragmatic implications will be unprecedented and substantial resources will have to be set aside.