May 31, 2018
On May 25, 2018, Europe’s General Data Protection Regulation (“GDPR”) went into effect with the aim of standardizing data protection laws for businesses that, among other things, collect, retain and/or use the personal data of European Union (“EU”) residents. Businesses across the world are trying to determine what impact the GDPR data rules will have on their operations. Larger companies, such as Google and Facebook, are already facing GDPR compliance challenges: multi-billion-dollar lawsuits have been filed against some companies for allegedly forcing consumers to consent to the collection of their personal data for targeted advertising purposes.
Over time, the enforcement of the GDPR will become more predictable and businesses will get more comfortable with the data collection and use restrictions imposed by the GDPR. However, in the first few days following the GDPR’s effective date, there are still several questions surrounding the scope of enforcement. One of those questions is:
What GDPR data can I maintain when a consumer has directed that her/his data be deleted?