ASG is now part of Rocket Software! Please visit to learn more. Follow our journey
Blog > April 2019 > The Right to be Forgotten: Part 1

The Right to be Forgotten: Part 1

May 25th marks the one-year anniversary of GDPR—the European Union (“EU”) regulation that tackles consumers’ data privacy rights on a global scale. While the risk of major fines drove initial compliance efforts, one year later, organizations are (or should be) focusing on the longer-term implications of GDPR; namely, the “Right to be Forgotten.”
ASG recently co-hosted a webinar on this topic with Steve Studer, Enterprise Sales Director, Pacific NW, at Zia Consulting, an ASG partner. ASG and Zia customers are taking consumer’s Right to be Forgotten seriously. Although it’s an EU regulation, every business with consumers may end up feeling the vast reach and impact of GDPR. For example, California—one of the top 10 economies in the world—has already passed the California Consumer Protection Act (CCPA), with Vermont, Colorado and Illinois following suit. As a reminder, GDPR and CCPA legislation give consumers the right to:
  • Know what personal information is being collected, if it is being shared and with whom
  • Access that personal information
  • “Opt out” of allowing a business to sell personal information to third parties
  • Request that their personal information is deleted, with some exceptions
Now that consumers are empowered around their personal data, organizations must be ready for incoming requests. They need an Information Management strategy that allows them to know where consumers’ personal information lives and how to properly dispose of it. If your organization is still struggling with the full implications of the Right to be Forgotten, our webinar highlights the top reasons it is valuable, essential and why you need to be prepared.
Avoid Significant Fines
Yes—even with the May 25th deadline for GDPR long past, organizations should still be weary of regulatory fines. In fact, the most immediate shift we have witnessed post-GDPR is the number of data breaches being reported. Since last year, there have been more than 40,000. In turn, 91 financial penalties have been issued due to these breaches, including some high-profile cases. Fines have increased since the GDPR was enacted, and smart companies are paying closer attention to how information is stored and shared because of it.
Protect Your Brand and Market Share
Today’s companies are increasingly concerned with brand reputation, and they should be. Breaches have financial repercussions, but they can also tarnish a company’s image in the eyes of consumers. In fact, many companies that experience security breaches see an impact in the valuation of their stock directly after. Organizations are even being sued because their financials were undermined by not having appropriate GDPR practices in place. Our customers are proactively getting their arms around consumer data before crisis loosens their foothold in the market.
Answer to Governing Bodies
Auditors have stepped up their game over the past five years. They are asking more in-depth questions about areas that have been previously overlooked and sharing that information with other regulatory agencies. As a result, regulations are being interpreted and enforced more strictly, and larger fines are being divvied out. From our perspective, auditors are paying close attention to how long content and unstructured data is being maintained within a system—which is where the Right to be Forgotten becomes so important. Organizations must be able to answer when auditors come knocking. A good place to start is knowing what personal information the organization has, how long it’s had it and how to prove compliance.
Reap Long-term Business Benefits
There is a fear around regulation preparation, but in reality, organizations should be able to quickly find and manage consumer information across disparate systems. There are many positive benefits of modernizing your information management strategy. According to many recent studies, including Gartner, offering a single plane of glass for insights into disparate systems—or, enabling a federated search—can increase end user efficiencies in front and back office operations by 40-72 percent. In fact, federation and data portability are key drivers for digital transformation projects. By complying with regulations, organizations are getting to know their customers, their activity and how to maintain good customer relations. A piece of this is deleting personal information when it is asked or required. The goal should be to manage information so it can be shared across disparate systems and, when it is no longer needed, easily disposed of.
Complying with the Right to be Forgotten is increasingly important in today’s market. Not only will it help organizations avoid penalties, but it will also enhance customer satisfaction and enable digital transformation projects. ASG’s Content Services Solution (Mobius) makes this simple by applying governance and encryption policies to content—enabling the redaction of personal information and event-based retention so data isn’t stored past the appropriate duration. ASG Content Services also delivers a single location to manage how business information is captured, governed and accessed over the course of its life cycle. With that level of visibility and access, organizations can remain in constant touch with the state of their compliance and their customers’ information.  
To learn how you can comply with data regulations, explore our Content Services solution on this product page and watch our on-demand webinar with Zia Consulting.
Stay tuned for our next blog post on top approaches for complying with the Right to be Forgotten.
Posted: 4/25/2019 8:35:19 AM by Greg Wilson - Director, Sales
Filed under :be, CCPA, consumer, data, Forgotten, GDPR, information, personal, privacy, regulation, Right, to