SELF-SOVEREIGN PII: MEET COMPLIANCE BY ALLOWING END USERS TO REGAIN CONTROL OF THEIR SENSITIVE DATA
The modern technology-focused organization is positioned to face unprecedented challenges from growing data regulations in the coming years. Over the past few years, regulations such as GDPR and CCPA have come into effect, creating stricter requirements for how organizations store, maintain, transmit and delete (by request) their clients’ personally identifiable data.
Under GDPR and CCPA, and for the citizens these regulations cover, if a data owner requests that their personal data be deleted, the business is legally obligated to erase all of the personally identifiable information associated with that user to maintain compliance.
Right to Be Forgotten: CCPA Vs. GDPR
CCPA Right to be Forgotten:
- An organization is required to delete information that it obtained “from” the consumer. If this data is obtained from other sources, it falls outside the scope of the right to be forgotten within CCPA.
- Under the CCPA, a consumer can request that the data be forgotten regardless of the purpose for which the data was originally collected.
GDPR Right to be Forgotten:
- GDPR extends to data collected by the organization from the consumer directly or data regarding a consumer that they acquired indirectly.
- Users can only request that data be deleted under six specific circumstances:
  - Data is no longer necessary.
  - The processing was based solely on consent.
  - The processing was based upon the controller’s legitimate interest, but that interest outweighed the data subject’s rights.
  - The data is being processed unlawfully.
  - Erasure is already required by law.
  - That data was collected from a minor as part of offering an information society service.
How Rixon Provides a Solution to The Right to Be Forgotten Challenge
Rixon’s unique Cloud-based Vaultless Tokenization Platform is designed with both the organization and the data owner in mind. Its reversible masking capabilities provide unique value to both organizations and their clients. Reversible masking is the process of masking and demasking tokens. With Rixon, the end-user regains control of when they want the organization to have access to their PII. These controls are based on what access the organization wants to give to the end-user, so as not to disrupt any business-specific requirements.