Home Forums SQLServerCentral.com Editorials Brush Up on Your ETL Skills RE: Brush Up on Your ETL Skills

  • February 21, 2018 at 1:48 am

    #1980590

    For GDPR Article 17 "Right of Erasure" may require you to have a mechanism to delete all forum posts and private messages for a particular user.
    I don't think  "Right of Erasure" would cover articles written by someone in the unlikely event of an author requesting erasure.
    "Right of Erasure" does not trump the legal requirement to keep financial records for the legally mandated time period
    If Redgate haven't done so already it is wise to get advice from legal.

    A subject access request for subscribers would cover anything in their profile but as the site provides the mechanism to see this it is effectively self service.  If there is nothing beyond what people can self-serve then it may be as simple as having an explicit GDPR page that states how a requester can retrieve their own data.

    Article 20 "Right to data portability" is an interesting one.  It doesn't limit its scope but I think historically it re-enforces consumers rights to swap energy suppliers, broadband/mobile providers and now banking providers.  In the context of SQLServerCentral it could be a mechanism to download a subscriber's profile by that subscriber.

    Another interesting wrinkle is what do you do when not all your data is in SQL Server?  Does something like Apache Presto (implemented in AWS as Athena) provide an answer to this and serendipitously to a general business problem?

    As general advice to people facing GDPR I would say take a good hard look at any company file shares, email in-boxes, drop-box/One Drive type accounts, work-stations, Sharepoint etc.  In the SQL Server world we have a structured data store with a defined retention strategy, purge, archive and backup.  On company file shares and mail-boxes there is God knows what, God knows where and in God knows what format.
    If your HR department takes a scan of your passport when you first join the company then they need to have defined processes in place to purge those images when they are no-longer in use.  Unless you have some form of auditing software such as http://www.groundlabs.com which has the capability to perform OCR on images it is going to be very hard to identify what your exposure and risk is.

    LinkedIn Profile