Another General Data Protection Regulation (GDPR) topic for discussion:
From various sources I've been reading, the data subject is spoken of as if they have a right to ownership of their personal data collected/stored by a controller.
If this is the case, am I, as a controller, allowed to simply delete data without notifying the subjects?
For example, I maintain a customer database with names, addresses, and email correspondence history. At some point we decide to purge the database of all customers that have not been active for more than 3 years. Am I required to notify all these customers? ...what happens if, hypothetically, one of these customers then came to me and requested portability of their data under the GDPR?
As I read more about the GDPR, there are so many grey-area hypothetical situations I'm conjuring up, it'll be interesting to see how the regulations will be enforced in practice...