As GDPR comes into force today, organisations will be faced with the potentially crippling effect of data deletion requests.
According to a recent survey, a third of Britons are likely to exercise their right to be forgotten under GDPR due to concerns about privacy and data protection.
The first step that customers will take in their right to be forgotten is the submission of a Subject Access Request (SAR). Companies must ensure that they can verify the identities of individuals who are requesting personal information.
In order to effectively verify individuals, companies should consider using multiple identity verification methods, including identity data, mobile, biometrics, and document verification, says Identity Verification expert Trulioo.
“When a customer says “forget me” to a business, challenges around identity verification loom. But having effective procedures in place in order to verify the identity of individuals who submit SARs is not the only thing to consider”, says Trulioo’s General Manager Zac Cohen.
“It is also important to educate individuals about the possible impact of deletion requests, as many don’t anticipate the impact of their history being wiped. People deserve to know that this potentially prevents them from having access to services because they will no longer be identifiable. Also, as companies no longer have a record of their regular behaviour, fraudulent behaviour becomes harder to detect.”