The Notification of Erasure
In the wake of GDPR, South Africa’s POPIA, Brazil’s LGPD, and other landmark data protection laws and regulations, there has never been a greater need for a harmonised standard to demonstrate privacy data compliance and certification.
ISO 27701: A Golden Standard
ISO 27701 (Extension to ISO 27001 and ISO 27002 for Privacy Information Management) has become the go-to standard for implementing a privacy information management system.
It bridges the gap between the privacy and security of the data, and guides organizations in implementing policies to comply with data protection laws. For example, it contains operational controls that have been mapped against relevant requirements in GDPR.
Data protection laws have had a monumental effect on the awareness and tackling of privacy issues, both in the public eye and at a corporate level. They function as a roadmap for enterprises to establish a data governance program.
Companies are beginning to understand that good information handling equals good business sense. Some requirements are easier to understand and implement than others, however.
GDPR Article 19 Explained
The GDPR gives individuals the right to be forgotten, while mandating that companies collect consent and notify data subjects in order to use their data.
But the requirements don’t end there.
Article 19 of the GDPR concerns the “notification obligation regarding rectification or erasure of personal data or restriction of processing.”
Often overlooked, Article 19 regulates the ‘notification obligation’; it requires companies to remove or rectify data upon request and to notify their customers.
Essentially, this ensures that third parties and other recipient organisations take the steps to rectify, erase or restrict the processing of personal data as well.
Lusha is Leading the Way for Data Companies
As of July 2022, Lusha is the only data broker on the market that notifies its customers of the deletion request of a data subject.
Below is an example of an automated email Lusha sends to customers who purchased the information of a data subject that has asked to be removed:
Separate from any regulations, the GDPR offers a practical approach to handling all the different aspects of data protection and this approach is embedded within ISO 27001, to which Lusha is certified.
Investing in a sustainable data management and privacy program is one of the best strategic decisions that Lusha has made, paving the way to compliance with privacy and data protection laws and a clear competitive advantage.