i gave the example with data deletion. deleting someone’s data means also deleting or altering data products derived from it - like statistics, machine learning models etc. which are, in turn, used to create different data products and so on. which are shared, stored and processed beyond the company with different partners (called processors, which may have processors of their own that not even the original data controller needs to be aware of). and you as the primary data controller are technically reaponsible for all of it everywhere. and erasure or withdrawal of consent is the easy case… data subject can, in principle, withdraw consent only for specific purpose or specific processor.
Hm, alright, I can see that - but to me, this is an example of business practices that the GDPR is explicitly trying to restrict. Of course it will be difficult to delete someone’s data if you’ve been sharing it with many other companies.
i gave the example with data deletion. deleting someone’s data means also deleting or altering data products derived from it - like statistics, machine learning models etc. which are, in turn, used to create different data products and so on. which are shared, stored and processed beyond the company with different partners (called processors, which may have processors of their own that not even the original data controller needs to be aware of). and you as the primary data controller are technically reaponsible for all of it everywhere. and erasure or withdrawal of consent is the easy case… data subject can, in principle, withdraw consent only for specific purpose or specific processor.
Hm, alright, I can see that - but to me, this is an example of business practices that the GDPR is explicitly trying to restrict. Of course it will be difficult to delete someone’s data if you’ve been sharing it with many other companies.