Forget-me-not

As many of us know, the right to erasure of ‘personal data’ is one of the key elements within GDPR. But that leaves a big question mark over exactly what ‘personal data’ is, and hence what data is to be erased. Back in 2007 the European Data Protection Working Party published Article 39, and defined[…]

Has GDPR ignored the elephant in the database?

‘Personal data’ is defined in GDPR as ‘any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social[…]