GDPR Compliance Solution

25th of May 2018

Why GDPR-compliant solutions?

Functioning as a centralized dashboard, GDPR solutions provide organizations with a complete view of their information assets (files, data, emails, etc.). Our semantic engine, combined with other applications on various media (servers, desktops, laptops, PST files, etc.), will conduct a physical inventory of your documents and then a semantic inventory of select target documents.

GDPR-compliant solutions enable you to fully understand the structure of your information assets and corporate documents so that you can get the most value out of them.


Getting Your Organization Ready for GDPR!

« In May 2018, the General Data Protection Regulation comes into force. Many new and stringent requirements, related to personally identifiable information (PII), need to be addressed immediately. All organizations with more than 250 employees and doing business with EU citizens must comply. The challenge, for most organizations, is that documents containing PII are omnipresent, well beyond traditional ERP systems, in email systems, file shares, ECM platforms, cloud repositories, etc. »

Do you know about the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a law designed to protect personal data. GDPR harmonizes data privacy laws across Europe. The law extends regulations to corporations that operate in Europe.

GDPR provides for the protection, processing and movement of personal data. It covers information used to identify or profile a person to evaluate, analyze or predict behavior.

The law applies to recipients who give information freely when their personal data is processed. GDPR applies when specific, informed and explicit consent is given by statement or action to signify agreement to process personal data.

GDPR also applies to situations where a data breach leads to accidental or unlawful access to, destruction or misuse of personal data. The law covers biometric data relating to physical, physiological or behavioral information of an individual and their unique identification. It also relates to inherited or acquired data, biological sample data, health or physiological data.

GDPR was approved by the EU Parliament on April 14th, 2016 and will be enforced on May 25th, 2018.

Non-compliant firms will face heavy fines. GDPR applies to businesses that process personal data of people residing in the European Union. If a business breaches GDPR, fines can amount to 4% of annual global revenue or €20 million (whichever is greater). When a customer does not provide sufficient consent to process data or when consumer records are not in proper order, fines can amount to 2% of annual global revenue.

When a business does not adequately notify a supervising authority about a data breach or fails to conduct a proper impact assessment, fines can amount to 2% of annual global revenue. Notification of a data breach must take place within 72 hours of a breach.

GDPR makes it necessary to confirm the processing of personal data. A business must stipulate where personal data is being processed and for what reason. A request to give or withdraw consent must be intelligible and in an easy-to-access form that is clear and distinguishable. Individual data subjects have the right to have their personal data erased and for any dissemination to end. GDPR creates an internal record-keeping requirement. Businesses that systematically monitor data subjects on a large scale are required to appoint a Data Protection Officer (DPO) to cover core activities related to the processing of personal information. Data subjects have the right to obtain a copy of personal data processed by electronic means. The law also applies to data transferred from a controller to another controller of personal data.

A business must engage a DPO when data processing is a core activity. GDPR specifically applies to businesses that process health, religious or political beliefs data. The law applies to businesses with over 250 employees that process personal data of over 5000 data subjects in a 12-month period. Personal data includes the name, photo, email address, bank information, social media website information and posts, medical information and/or computer IP address. Parental consent is required to process personal data of children under the age of 16 for online services.

What will you do to comply with GDPR?

This new law is important! It can also be damaging and very expensive. How will you comply with GDPR? The only reasonable approach is to audit your information. An Info-Audit would provide tangible proof of compliance. You need to demonstrate that you have control of personal data. GDPR is significant legislation designed to improve management of personal information. Information management begins with an information audit of personal data in systems, databases and documents. You need to demonstrate the effectiveness of personal data management practices.

An Info-Audit would help you identify PII (Personally Identifiable Information) or SII (Sensitive Personal Information) in your digital assets.

What should concern you is the need to comply with the following:

→ Data Security Breach

Companies that process personal data must prepare for a data breach. Policies, controls and procedures must be in place to ensure compliance. The ability to react quickly to a data breach is vital.

→ Accountability Framework

Businesses that collect and process personal information must continuously monitor, review and assess how data is processed. A business's need to retain processed data will be scrutinized to minimize exposure.

→ Systematic Validation

Companies need to demonstrate compliance and effectiveness of information management practices.

→ Legitimate Grounds for Retention

Businesses must demonstrate legitimate grounds for retaining subject information.

→ Audit Personal Data

Businesses must demonstrate management of data consent. This includes how consent is given and taken away to ensure they are adequate and can bear the burden of proof.

→ Cross-border Data

The impact of transferring personal data across borders can be severe. Businesses should consider adopting binding corporate rules to facilitate intra-group transfers of data. It is important to demonstrate processing time from when personal data is collected. The intent of GDPR is to control use of personally processed information.

This specifically applies to personal data that is disseminated to third parties or is sold or rented out. The law also applies to personal data retained in encrypted forms.

What you get:

  • Information about all digital assets (files, databases, emails, etc.) located on servers, desktop PCs and laptops, etc.
  • Information gathered from unstructured data sources such as emails, plus attached documents and compressed files
  • References to all personal information using a powerful semantic API to extract, parse and contextualize PII and SII
  • Evaluation of all SII and PII data utilizing special GDPR algorithms to assess personal data
  • Relationships between all SII and PII data and how this data combines with other types of personal information
  • Maps that model data relationships between structured (spreadsheet, etc.) and unstructured data in documents, etc.
  • Complete view of PII and SII in dashboards that can integrate with other Business Intelligence (BI) tools

As you can see, an Info-Audit would help you comply with GDPR. It is the first logical and technical step to understand whether you comply with the scope of GDPR mandates.

Additionally, you gain huge amounts of insight that will help you improve information management practices.

If you do not comply with GDPR, you get actionable insight to know what you need to correct. In either situation, you get time to prepare for GDPR. Most importantly, an Info-Audit will provide you with strategic information you need to improve operational performance.

How can we help?

GDPR solutions would help your business comply with GDPR mandates. GDPR solutions is a unique service through which we help you take an inventory of your information assets. You benefit by producing proof of compliance with GDPR.


GDPR solutions

To appreciate the implications of GDPR, consider the kinds of information you need to audit. What should be of immediate concern is information used to distinguish and classify individuals.

The National Institute of Standards and Technology defines personal information based on the following:

  • Full name
  • Home address
  • Email address
  • National identification number
  • Passport number
  • IP address
  • Vehicle registration
  • Digital identity
  • Date of birth
  • Birthplace
  • Genetic information
  • Telephone number
  • Login names
  • Screen names
  • Nicknames
  • Handles
  • Automotive plate number
  • Driver's license number
  • Facial information (photo)
  • Fingerprint images
  • Handwriting (signature)
  • Credit card numbers

Much of this information is commonplace. That is why an Info-Audit is so important. Personal data is everywhere! You need to protect this kind of information more effectively. GDPR is a first step. Other types of regulations will surely follow in the years to come.