Upon the GDPR’s application on 25 May 2018 across the European Union, new legal requirements for the protection of personal data will be enforced for data controllers operating within the EU territory. While the principles encompassed by the GDPR were mostly welcomed, two of them; namely the right to withdraw consent and the right to be forgotten, caused prolonged controversy among privacy scholars, human rights advocates and business world due to their pivotal impact on the way personal data would be handled under the new legal provisions and the drastic consequences of enforcing these new requirements in the era of big data and internet of things. In this work, we firstly review all controversies around the new stringent definitions of consent revocation and the right to be forgotten in reference to their implementation impact on privacy and personal data protection, and secondly, we evaluate existing methods, architectures and state-of-the-art technologies in terms of fulfilling the technical practicalities for the implementation and effective integration of the new requirements into current computing infrastructures. The latter allow us to argue that such enforcement is indeed feasible provided that implementation guidelines and low-level business specifications are put in place in a clear and cross-platform manner in order to cater for all possible exceptions and complexities.

中文翻译：

---

根据GDPR忘记个人数据并撤销同意：挑战和建议的解决方案

根据GDPR于2018年5月25日在欧盟范围内的适用要求，将对在欧盟领土内运营的数据控制者执行有关保护个人数据的新法律要求。尽管GDPR涵盖的原则受到了广泛欢迎，但其中有两项；即撤回同意权和被遗忘权，这在隐私学者，人权倡导者和商业世界中引起了长期争议，这是由于它们对新法律条款下处理个人数据的方式产生了关键影响，以及强制执行的严重后果大数据和物联网时代的这些新要求。在这项工作中 我们首先回顾有关撤销同意的新严格定义的所有争议，并参考其对隐私和个人数据保护的实施影响，将其遗忘的权利，其次，我们评估现有方法，体系结构和最新技术在满足实施的技术实用性和将新要求有效集成到当前计算基础架构方面。后者使我们认为，只要以清晰，跨平台的方式制定实施指南和低级业务规范，以适应所有可能的例外情况和复杂性，这种强制执行的确是可行的。架构和最先进的技术，以满足实现和将新要求有效集成到当前计算基础架构中的技术实用性。后者使我们认为，只要以清晰，跨平台的方式制定实施指南和低级业务规范，以适应所有可能的例外情况和复杂性，这种强制执行的确是可行的。架构和最先进的技术，以满足实现和将新要求有效集成到当前计算基础架构中的技术实用性。后者使我们认为，只要以清晰，跨平台的方式制定实施指南和低级业务规范，以适应所有可能的例外情况和复杂性，这种强制执行的确是可行的。