Please write a short text (500 words) that provides answers or discusses in-depth the difficulties of the two questions below.
You are in the role of a privacy manager in a company that has been collecting and processing customer data for 25 years. The customers are returning customers, while parts of your service are sold to 3rd parties. In My 2018, the GDPR will require you to govern all data according to data subject consent. In addition, your data subjects will have the right to inquire, correct or have deleted old data stored.
What would you do with old personal data from pre-GDPR regulation that is already in your databases?
How will you identify data subjects demanding data access in a scenario where the social media platform used as identity provider does not exist any longer? Think of a long-term business model with sporadic returning users with changing digital identity tokens, changing names (marriage) and origin from countries that do not have citizen numbers! How will you satisfy transparency requests from such data subjects without leaking personal data to the wrong person?
Can't change a rubric once you've started using it.