Introducing Microsoft 365 Privacy Management, which simplifies the difficulty.

The regulation landscape of data privacy is more complicated than ever. With new laws emerging in China and India, changes in Europe and the United Kingdom, and now 26 different laws across the United States, staying ahead of regulations may seem tough.

Privacy Management for Microsoft 365: Introduction

Microsoft 365 Privacy Management is now publicly available to help businesses protect personal data and create a privacy-resilient workplace. Privacy Management for Microsoft 365 provides automatic end-to-end visibility of privacy issues at scale, cheers to role-based access controls and data that is de-identified by default.


  1. Identify critical privacy risks and conflicts: Finding where personal data is stored, especially in an unstructured setting, is one of the most difficult aspects of protecting privacy. Most businesses still rely on inefficient and costly manual processes to maintain data inventory and mapping, mostly via email, spreadsheets, and in-person communication. By employing data classification and user mapping expertise, Privacy Management automatically and continuously assists clients in discovering where and how much private data is stored in their Microsoft 365 environments. An aggregated view of an organization’s privacy posture is viewable, including the amount, type, and location of private data, as well as associated privacy risks and trends over time.
  2. Automate privacy operations and response to subject rights requests: Privacy Management correlates data signals across the Microsoft 365 suite of solutions to provide actionable insights that enable privacy administrators to automate privacy policies using an out-of-the-box template—data transfers, data minimization, data overexposure, and subject-rights request management—or create a custom policy to meet an organization’s unique needs.
  3. Empower employees to make smart data handling decisions: You must educate your employees on how to handle data responsibly in order to create a privacy-resilient culture. Administrators may automate privacy regulations and protect sensitive data with the help of Privacy Management, which provides insights and contexts. Furthermore, data owners are offered recommended actions, training, and suggestions to help them make wise data-handling decisions, removing the need to choose between privacy and productivity.


Figure 1: Overview dashboard showcasing privacy risks and trends.

It’s a journey to achieve privacy.

Customers can purchase Privacy Management for Microsoft 365 as an add-on to their Microsoft 365 or Office 365 subscription. You can use the free 90-day trial to get started with Privacy Management. Get more information by mailing us at


Deepthi Bennan

Marketing Manager, Cyberwaves B.V.

Prepare yourself: hybrid work is difficult. Here’s how Office 365 and Microsoft Teams can assist.

Due to the pandemic, the work environment of every industry changed, the shift to remote work lasted about 15+ months. To understand this impact Microsoft conducted regular research and study among their customers and employees. As per their recent work trend survey report, indicating that in a year they send 160,000 people to work at home and onboarded 25,000 new employees, and the percentage went high in history 90%.

There’s no guarantee that the trend will continue in the increasingly complex world of hybrid work. For one thing, employee expectations have changed. According to last year’s Work Trend Index report, 73 percent of employees want the option to work remotely, but 67 percent want more in-person engagement. Without any preparation, dealing with this hybrid work paradox will be challenging.

Microsoft continues to invest in hybrid innovation as we all learn and share practical advice. Check out the new features in Microsoft Teams and Office 365 designed to help your employees no matter where they work meet their diverse work needs.

Designed for all, not just onsite attendees

 Microsoft introduced new features in June aimed at supporting inclusive hybrid meetings, including a front row for Teams Rooms, a revised Teams experience on Surface Hub, and an updated Microsoft Whiteboard that allows visual participation even if you’re not physically in the same room. With the introduction of a new category of intelligent cameras, Microsoft is ushering in the next phase of Teams Rooms innovation. This new generation of intelligent cameras is powered by three distinct technologies:

  1. AI-powered active speaker tracking, enabling in-room cameras to use audio, facial movements, and gestures to detect who in the room is speaking, zooming in for a closer perspective.
  2. Multiple video streams that allow in-room participants to be placed in their own video pane.
  3. People recognition, which will identify and display the profile name of enrolled users within their video pane.

You can create more equal meeting experiences where everyone feels visible and represented when intelligent cameras are used with Dynamic View in Teams. Teams modify various features of the meeting as individuals join it, so distant members can see the room and information well, and industry-leading partners including Jabra, Neat, Poly, and Yealink, these features will be available to original equipment manufacturers (OEMs) in the coming months and rolled out as updates over the course of the next year.

Office environments that are meant for everyone, not only in-person attendance

Microsoft is improving companion mode in Teams mobile to give in-room attendees easy access to engagement tools like chat, live reactions, and Microsoft Whiteboard, allowing them to contribute more dynamically. They’re also making it easy to access meeting and device controls, such as joining a meeting, casting a PowerPoint, muting the room, turning on and off room cameras, and more. In the coming months, the improved companion mode experience will be accessible.

It will also be simpler to organize meetings and collaborate. New features in Outlook track when and where teammates are working, as well as how they will participate in meetings. Working hours have been modified to allow you to enter work schedule details right in your calendar, letting people know when and where you’ll be working. People can now indicate whether they will attend a meeting in person or online, allowing meeting planners to better prepare by scheduling space with video conferencing capabilities or bringing a speaker pack. Early next year, Outlook will begin bringing out new hybrid work experiences.

People may find and reserve flexible workplaces in the office using the hot desking experience on Microsoft Teams displays. Access your own Teams calendar, chats, meetings, and more by booking space from your smartphone or in advance using Outlook or Teams. When hot-desking, team displays can be used as a standalone device or as a second screen, and all personal information is deleted from the device after signing out. By the end of 2021, Lenovo ThinkSmart view is planned to offer this experience.

Remote meetings that are just as effective as face-to-face meetings

 Many people used to prefer to deliver crucial presentations in person, but we’re investing to make remote presentations as successful and immersive as possible. Hybrid presentations aren’t only about providing knowledge; they also use nonverbal social cues like facial reactions and gestures to engage the audience. Cameo is a unique PowerPoint experience that combines your Teams camera stream seamlessly into your presentation, allowing you to select how and where it appears on your slides and providing layout ideas for optimal viewing. Use PowerPoint Live in Teams for an immersive remote presentation when it’s time to present. Cameo will be available in early 2022.

Speaker coach in Microsoft Teams uses AI to privately provide guidance on your speed, tell you if you are interrupting someone, and remind you to check in with your audience as we try to create an inclusive hybrid work culture where all voices can be heard. Speaker coach will be accessible in Microsoft Teams in early 2022.

The most recent automated Even in low-light situations, lighting modifications will make you seem good in video-on meetings. In the next months, lighting corrections will be accessible.

Let lose work area space at home or in the workplace and get clear strong quality for gatherings with the new Logi Dock. This docking station has an implicit speakerphone with contact controls, intended to work flawlessly with Teams. With a tad of a button, you can join Teams gatherings, change your sound, and then some. Logi Dock will be accessible in the coming months.

Stay in the progression of work with Microsoft Teams

 Adaptability comes from realizing that regardless of where you work from, you are associated with your partners and work. The most recent developments in Teams bring your #1 applications and encounters together to assist you with staying productive, centered and associated in half-breed work.

With Microsoft Teams gatherings and calls coming to Apple CarPlay, you would now be able to join Teams gatherings and settle on decisions sans hands out and about utilizing Siri.

Microsoft Viva brings correspondence, information, experiences, and learning into the progression of work. With Viva Connections, you can remain educated regarding organization news and assets straightforwardly from Teams. You can discover customized declarations, organization discussions, and a dashboard of assets for activities like presenting a day-by-day wellbeing check or cost reports. Now, Viva Connections mobile app will be available in preview.

By using Apps in Teams meetings you will empower a more engaging and productive collaboration experience. App content can now be shared and interacted with life during meetings, enabling visualizations such as real-time visual problem solving and brainstorming. With Miro, MURAL, Lucidspark, Freehand, and many more to come, you can get started right away.

While hybrid work is exciting, it will be a challenge for every leader and organization. Organizations that embrace the change and incorporate flexibility into their operating models will foster a more inclusive work environment. Microsoft is committed to fostering a hybrid work culture where flexibility leads the way – giving customers and employees the power to work from anywhere, anytime, and take control of their personal development and wellbeing.


Deepthi Bennan

Marketing Manager, Cyberwaves B.V.

Maritime Surveys: Problems Vs Cybersmart

The International Maritime Organization (IMO) has developed many international conventions to protect the safety of the crew, cargo, and the environment. Nonetheless maritime accidents still happen resulting in losses of lives, property, and damage to the marine environment.

The main reasons for these accidents include:

  1. human error,
  2. ageing ships,
  3. improper maintenance on board ships to reduce costs,
  4. increasing lack of experienced crew due to shortage of trained manpower and non-compliance with minimum international safety standard.


According to the European Maritime Safety Administration’s Annual Overview of Maritime Casualties and Incidents 2020 report: The total number of reported marine casualties and incidents over the period 2014-2019 is 19418. These incidents led to 493 very serious casualties, 496 fatalities and 6210 persons injured. This data combined with decades of maritime related serious environmental disasters, latest being the Oil spill from Crimson Polaris that had about 1,550 metric tonnes of heavy oil and about 130 metric tonnes of diesel oil on board.

Despite strict controls by classification societies, flag states, port state controls, insurers and brokers, inferior ships continue to operate and pose serious risks to human life and the environment. This is illustrated by the ship detention records recorded annually in the annual reports of all MOUs and the U.S. Coast Guard. Port state control is not a substitute for effective flag state control and by itself it is unlikely that inferior ships will be eliminated. The existence of inferior ships calls into question the way in which the condition of ships is checked, recorded and shared among stakeholders by port and flag states.

In this blog we focus on the critical role of ship inspection and data sharing in improving safety and environmental protection at sea. Various Inspection like, Annual Flag State Safety Inspection, Port State Control (PSC) Inspections, Classification Society Routine Inspections, Owners/ Charterers/ Insurance Vessel Condition Inspection, have been the primary mode to ascertain condition of vessel and the data collected forms the basis of many important decisions within the industry which has serious implication for Safety of life at Sea and the Maritime Environment.

Investigation reports into various Maritime Accidents as compiled on IMO GISIS points to human error – related to quality control and inspections – as one of the leading contributing factors. The below table shows the leading factors for ship deficiency as recorded under Paris MOU annual report for the year 2020.



Source: Paris MOU Annual Report 2020, P 45

Fire Safety and Safety of Navigation being the top categories of deficiencies underscores the importance of precise recording, reporting, data access for reference and follow up across jurisdictions to avoid impending loss of life and potential marine pollution. This record of deficiencies together with the recurring nature of maritime accidents begs for a deeper analysis and understanding of the tools, methods and process in place.

 Common pain points of a Manual Technical Survey include:

  1. Loss of life and irreparable environmental damage due to the manual surveying and control methods used in the shipping industry for centuries.
  2. On an average it takes up to seven days of planning, liaison with various parties and physical survey for each vessel to produces PDF reports like the ones below that usually sits dormant in PDF files.
  3. Historical data on ship conditions and defects are incomprehensible (static PDF reports). The lack of precise data often leads to incorrectly calculated political decisions. One such example is the PSC inspection report for all MOUs in PDF format with little or no follow-up to the deficiencies found. As soon as a ship is allowed to sail after a warning and recommendation from a PSC officer, the written text in PDF files is seldom detailed in the existing online data exchange systems (e.g., Equasis and Paris MOU detention list) which provides a brief on the vessel detention.
  4. In addition, much of the critical ship inspection information is lost due to its non-digital nature which inherits easy sharing and is prone to misunderstanding when read by other participating port state administrations. This practice sometimes results in substandard ships failing to meet regulatory requirements.

There are several important factors that deserve attention and improvement; We need a solution to address the problem of human error and data loss and to improve the currently mostly manual format of inspection and PDF-based reporting that is practiced in the maritime industry.

 Cyber Smart – The Solution!

Solving this problem of dangerous oversight, human error and data loss in the shipping industry through Cyber Smart – a web and mobile-based e-survey platform that ensures that inspection authorities are equipped with a digital survey tool that enables them to digitally transmit the survey data an app.

Cyber Smart – A Web and Mobile Application for Survey Planning, Conduct of Survey, Survey Report Generation. It is an advanced format agnostic SaaS platform taking data collection and analysis to the next level. It leverages the most advanced cloud computing infrastructure running our proprietary algorithm to spin out trends, using both collected and historical data.

We use our proprietary algorithm and the most advanced cloud computing infrastructure to generate trends from collected and historical data. The platform is revolutionizing the way inspections are performed in the shipping industry and has the potential to revolutionize data collection and analysis across industries. This mobile application is more suitable for Surveyors as there are no physical documents involved to delay the process.

Why choose Cyber Smart?

  1. Ground Surveyor uses mobile app to collect data while onboard the ship, our mobile application allows users to achieve the highest degree of digital visualization and offers the capability of collecting all types of data.
  2. One click report generation in any format. Time and effort saved.
  3. More time to focus on the critical check items that matter, thus reducing the human error that contributes to 58% of Marine incidents.
  4. Consolidation of crucial data sets through smart analytics to inform sectoral policy formulation
  5. Better protection of Marine environment and life at sea through advanced pre-emptive maintenance of vessel thus avoiding shipping related environmental disasters.


Features of Cyber Smart:

  1. The Web based version of CyberSmart positions the users to access survey data, monitor deficiency trends through customised data analytics and to extract key reports in all required format – this feature allows for seamless integration with the present system in place. CyberSmart takes away the human error element in recording of key survey data and can generate customised reports through a mouse-click.
  2. Our Mobile app allow surveyors to conduct digital inspections, and one of the key features of the application is that the mobile app communicates with web application
  3. Digital Survey Management reduces manhour spent in planning, allocation, conduct and report generation.
  4. Vessel tracking and survey allocation to ground surveyor using online dashboard
  5. Various report formats are generated digitally once all data is synced to the cloud server
  6. Secure Data Repository feeds into AI driven key visualization displayed on user interface

Still want to know more about Cyber Smart. Request a demo at:


Deepthi Bennan & Richa Dutt Nandan

Marketing Managers,

Cyberwaves B.V. & Varuna Marine B.V

Cybersecurity in 2021

Due to pandemic, cyberattacks are becoming common. The absence of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trusts, and XDR (expanded identification and reaction) to guarantee remote clients and their information is ensured.

Keep reading to know more about cybersecurity in 2021. Cyber security experts predict there will be a cyberattack every 11 seconds, which is four times the rate of five years. Cyberattacks are not only increasing, the companies are also costing large financial losses.

History of Cyber Crimes

In the beginning 1970’s, the malicious link was the first document hacking when early computerized phones became the target. The techies called “ Pherakers”, who were the first hackers, discovered that the telephone system in America functioned on the basis of certain tones and tones that would result in free long distance service.

Top 8 Biggest Cyber Attacks in History

Common Types of Cyber Crimes

  1. Web attacks
  2. Malware
  3. Ransomware
  4. Password attacks
  5. Trojan Horse
  6. Insider threats
  7. Teardrop attacks
  8. Ping to the death attacks
  9. SQL injection
  10. AI powered attacks
  11. DDoS attacks
  12. PuP’s
  13. Eavesdropping Attacks
  14. Man in Middle attacks
  15. Drive by attacks
  16. Phishing attacks
  17. Spear phishing attacks
  18. Whale phishing attacks
  19. Cross Site scripting
  20. Brute force and Dictionary Network Attacks
  21. Cyberstalking
  22.  Illegal/Prohibited content

Top Industries which affect in 2021

The industries most vulnerable to cyber attacks:

  • Small businesses
  • Healthcare institutions
  • Government agencies
  • Energy companies
  • Higher education facilities
  • Information and technology complained
  • Maritime Industry

How to prevent cyber crimes in 2021?

“Precaution is better than cure.”

Prevention is more important in this case, so we are explaining the prevention of cyberattacks.

1. Common ways to prevent cyber attacks

  • Install spam filter and anti-malware software
  • Develop cybersecurity policies
  • Implement cybersecurity awareness training
  • Deploy next-generation firewalls
  • Install Endpoint detection and response (EDR)

2. Advanced protection

  • Perform A Successful Network Security Vulnerability Assessment
  • Conduct Different Types Of Penetration Testing
  • Create a data loss prevention program
  • Implement SIEM (Security Information and event management) Solution
  • Bring intrusion detection & prevent software (IDS and IPS)

We can help with prevention, mail us at

Next Articles: Maritime Technical Surveys: Problem VS Solutions


Deepthi Bennan

Marketing Manager, Cyberwaves B.V.

Puzzle of web developing continuous

(Part 2)

As we discussed earlier, websites are a tricky one these days for business. Websites need attention once a year, updated websites play a key role for business. Some of the main requirements of the new website we can’t skip are as follows: 

  1. Domain name

Domain name is the url of website, with extension ending in different types like .com (global), .org, .store, every country have its on extension like .nl (netherlands), .in (india), .ae(arab emirati) etc. Domains are the most important part of a website development which cannot skip.

2. Hosting space

 Hosting space is the space where all codes, templates, contents are store. Like domain, hosting is also non-skippable part in website development.

3. Template

Some developers design their own templates using codes, some are available to use in free and paid versions. Templates which we download from third-party sites can be edited according to our point of view.

4. Content (non copied)

Contents are another most important for website development. We need to develop our own text content and use our own photos and videos or free copyright photos and videos.

5. SEO (Search Engine Optimization)

SEO – Search Engine Optimization, the process to bring our website to the topmost search result. It has some key points to pay attention to, like meta description, title tag, etc.

6. Social media accounts links

Social media accounts links need to attach to our website always, it will help customers to visit directly on the website and can follow and see our activities on social media. Customers can follow official social media accounts, not fakes.

7. Contact details

If we provide our contact details, customers can make a quick call or mail for their queries and concerns.

8. SSL certificate

SSL certificate is a digital certificate that provides authentication and enables an encrypted connection for our website.

Next Article: Cybersecurity in 2021


Deepthi Bennan

​Marketing Manager, Cyberwaves B.V.

Microsoft 365: Benefits Defined

(Part 2)

We already talked about Microsoft 365 and the difference between Microsoft 365 and Office 365? Microsoft 365 is delivering different plans which are apt for your business. All we need to do is choose the correct plan for our business.

  1. Easy to work from anywhere in the world


Users approach the most latest business software constantly, across all their devices, particularly with the new Windows 10 Virtual Desktop. The new Office Mobile application makes telecommuting simpler than any time in the recent pandemic, you can safely get to files, communicate, and work together from any place and on any device.

Administrative work can be to a great extent with Microsoft Forms, Teams, and SharePoint and daily repetitive assignments can be automated with Power Automate to boost the Microsoft 365 advantages.

2. Management Benefits


The Cloud entry can be gotten from anywhere on any device making the management quick and simple. Microsoft Forms permits the management to make reviews and surveys to acquire business experiences while the email and calendaring abilities ensure everybody is in the perfect place at the perfect time.

The Microsoft 365 Security Center implies that security can be observed and dealt with across one place.

3. Security is more important


Microsoft 365 gives organizations consolation that their employees are enabled to work productively using the most recent business software but additionally that the business data is secure and protected. The security features inside Microsoft 365 are useful for organizations accomplishing ISO 27001 and GDPR Compliance.

The new AI abilities offer knowledge in Word, Excel, PowerPoint, and then some, helping your business run more productively and viably.


Deepthi Bennan

​Marketing Manager, Cyberwaves B.V.

Microsoft 365 and Difference with Microsoft office 365

Part 1

What is Microsoft 365?

Are you familiar with Office 356? Well Microsoft 365 is the new name of Office 365, featuring familiar programs, like Word and Excel. Microsoft rebranded Microsoft Office 365 to Microsoft 365 with more features, and Microsoft 365 Family is the new name for Office 365 Home and Microsoft 365 Personal is the new name for Office 365 Personal. 


Difference between Microsoft Office 365 and Microsoft 365?

Microsoft office 365 is sold as a one-time purchase, we can purchase for single payment for one computer. There is no other way to upgrade to the next major release, you need to purchase it at full price. 

Microsoft 365 is a subscription service, which is organized as a paid monthly subscription plan and highlights a bunch of advantages excluded with Office, including cloud-based efficiency instruments and artificial intelligence capabilities. There are Microsoft 365 plans for home and individual use, just as for small and average-sized organizations, large enterprises, schools, and non-profits. A subscription is enough for latest features, fixes, and security updates along with perennial tech support at no extra cost. 

For more information about Microsoft 365 contact our team today

Will continue…

Next topic: Microsoft 365 Benefits: Defined



Deepthi Bennan

​Marketing Manager, Cyberwaves B.V.

Puzzle of Website Developing


Do you have a website? Well, it’s important. 


Websites are very important because our customers are online. Customers today expect serious business owners to have very delightful online presence. Well designed, informative websites will add extra points to our online presence and business. If you are looking for a modern marketplace, you have to focus on professional websites.

  • 90% of business purchase decisions start from a website .
  • It will showcase your professionalism
  • It provides self care customer support to the customer
  • Increases your ROI (Return on Investment)
  • It opens you opportunities abroad
  • Easily accessible data centre for customer

Type of websites

  1. Business website – represents business information like, about business, services they provide, contact information etc


  1. Landing pages – which are used for lead generation, to collect details or information of particular product/service.

Example: Udemy Course

  1. Ecommerce website – to sell products


  1. Portfolio website – showcase of the work of artists, writers, craftspeople, designers and others working in creative fields.


  1. Non profit website – for non profit organisations like church, charity.


  1. Directory websites: for contact information, 


  1. Educational website: represents school, university etc.




Deepthi Bennan 

Marketing Manager, Cyberwaves B.V


Cybersecurity Awareness Trainings – The Human Firewall

Cybersecurity is all over the news channels and media these days. The subject even finds extensive mention on the governmental budgets and expenses.

A major chunk of the cybersecurity spend is driven by the fear of keeping external threats from stealing organizations’ most valuable asset- the information

However, according to McKinsey, 50% of the data breaches in 2017 were caused by insiders.
In a report earlier this year, Gartner sees “the trend in buyer interest in insider threats with buyer inquiries for insider threats in 2019 on pace to double the inquiries on the topic since 2018.”

The need of cybersecurity awareness trainings is imperative with the advent of diversification at the workplaces to include remote workers, contractors, part time employees, suppliers.

Add to the mix various platform integrations, managed services that promise to have a seamless experience for our users resulting in increased productivity, the insider threat risks will continue to grow.

The field of technologies traditionally used to combat insider threats is relatively siloed, and may include:

User Entity Behavior Analytics (UEBA) which is focused on detecting threats by analyzing massive amounts of “log” information

Data Loss Prevention (DLP) that approaches the problem from a “data” perspective by classifying and defining preventative controls based on content inspection

User Activity Monitoring (UAM) that focuses on only analyzing “user activity” to identify threats.

Legacy siloed technologies can’t keep up with the insider threats, unless there is measures to combat the lack of a user’s awareness.

The decision makers of today, (mis)guided by the concept of defense in depth continue to deploy the layered yet siloed solutions, where each new layer solves only a piece of the puzzle.

Where the most important aspect and the weakest link of this puzzle – Our Users gets lost in the technology centric view imposed upon them.

The insider threat and especially the lack of a user’s awareness to safeguard the information requires a more holistic approach that must include the functions such as the HR, Legal, Physical Security and not just the IT or Compliance.

User Awareness trainings must also be linked to a user’s mandatory induction or appraisals and reinforced by the management.

Now, If only the employees at the hospital understood the responsibility of handling the patient information, our neighborhood hospital could have saved the efforts and funds of a post data breach cleanup*Cybersecurity is all over the news channels and media these days. The subject even finds extensive mention on the governmental budgets and expenses.

A major chunk of the cybersecurity spend is driven by the fear of keeping external threats from stealing organizations’ most valuable asset- the information

However, according to McKinsey, 50% of the data breaches in 2017 were caused by insiders.

In a report earlier this year, Gartner sees “the trend in buyer interest in insider threats with buyer inquiries for insider threats in 2019 on pace to double the inquiries on the topic since 2018.” 


 About the Author


.Settled in The Hague, Punita is an electronics and telecom engineer by education. She has run Information Security programs and Audits for French/Indian multinational firms across the Middle east, Europe, India and Malaysia. 



The Cyber Break-ups

Art. 17 GDPR Right to erasure (‘right to be forgotten’)

Google your younger self – your full name and/or the first email address that you ever created and see what you find. It may be funny to come across a review or comment that you had publicly posted for a restaurant or a salon 10-12 years back. However, if you are a professional, an entrepreneur or trying to set yourself up as a business owner, this may also affect your brand image negatively.
Something similar happened to a Dutch doctor when her registration on the register of healthcare professionals was initially suspended by a disciplinary panel because of her postoperative care of a patient. After an appeal, this was changed to a conditional suspension under which she could continue to practice.
However, due to a misleading media report, every time someone entered her full name in Google’s search engine, (almost) immediately the mention of her name appeared on the ‘blacklist of doctors’,

The Ruling

When the surgeon tried to reason with Google and the Dutch data protection office, Autoriteit Persoonsgegevens, about removing the erroneous link, they rejected it citing that since, she was still on probation, the information remained relevant.
However, in what is said to be the first “Right to be Forgotten” ruling, involving medical negligence by a doctor, the district court of Amsterdam subsequently ruled that the surgeon had “an interest in not indicating that every time someone enters their full name in Google’s search engine, (almost) immediately the mention of her name appears on the ‘blacklist of doctors’ and this importance adds more weight than the public’s interest in finding this information in this way”.

What is the right to be forgotten?

The right to be forgotten appears in Recitals 65 and 66, and in Article 17 of the GDPR. It states: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay” if one of a number of conditions applies. “Undue delay” is considered to be about a month. You must also take reasonable steps to verify the person requesting erasure is actually the data subject.
GDPR defines the following roles for the purpose of understanding this article:

Data Subject, Data Controller and Data Processor

The right to be forgotten dovetails with people’s right to access their personal information Article 15. The right to control one’s data is meaningless if people cannot take action when they no longer consent to processing, when there are significant errors within the data or if they believe information is being stored unnecessarily. In these cases, an individual can request that the data be erased. But this is not completely certain. If it were the critics who argue that the right to be forgotten amounts to nothing more than a rewriting of history would be correct. Thus, the GDPR walks a fine line on data erasure.

When does the right to be forgotten apply?

In Article 17, the GDPR outlines the specific circumstances under which the right to be forgotten applies. An individual has the right to have their personal data erased if:
• The personal data is no longer necessary for the purpose an organization originally collected or processed it.
• An organization is relying on an individual’s consent as the lawful basis for processing the data and that individual withdraws their consent.
• An organization is relying on legitimate interests as its justification for processing an individual’s data, the individual objects to this processing, and there is no overriding legitimate interest for the organization to continue with the processing.
• An organization is processing personal data for direct marketing purposes and the individual objects to this processing.
• An organization processed an individual’s personal data unlawfully.
• An organization must erase personal data in order to comply with a legal ruling or obligation.
• An organization has processed a child’s personal data to offer their services.
However, an organization’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that supersede the right to erasure:
• The data is being used to exercise the right of freedom of expression and information.
• The data is being used to comply with a legal ruling or obligation.
• The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
• The data being processed is necessary for public health purposes and serves in the public interest.
• The data being processed is necessary to perform preventative or occupational medicine. This only applies when the data is being processed by a health professional who is subject to a legal obligation of professional secrecy.
• The data represents important information that serves the public interest, scientific research, historical research or statistical purposes and where erasure of the data would likely impair or halt progress towards the achievement that was the goal of the processing.
• The data is being used for the establishment of a legal defense or in the exercise of other legal claims.

Furthermore, an organization can request a “reasonable fee” or deny a request to erase personal data if the organization can justify that the request was unfounded or excessive.
As you can see, there are many variables at play and each request will have to be evaluated individually. Add to that the technical burden of keeping track of all the places an individual’s personal data is stored or processed, and it is easy to see why the GDPR’s new privacy rights can be a significant compliance burden for some organizations.

About the Authors

Settled in The Hague, Punita is an electronics and telecom engineer by education. She has run Information Security programs and Audits for French/Indian multinational firms across the Middle east, Europe, India and Malaysia. 

Jasmeeta is a marketing professional and works for an IT firm. She likes to bake on the weekends. Clearly sleep-deprived, she also lives in The Hague, for now. Plays pranks, most of the time. Travels, when she gets the calling.