GDPR Compliance Solution

25th of May 2018

Why GDPR compliance solutions?

Functioning as a centralized dashboard, GDPR solutions provide organizations with a complete view of their information assets (files, data, email, etc.). Our semantic engine, combined with other applications on various mediums (servers, desktops, laptops, PST files, etc.), will conduct a physical inventory of your documents and then a semantic inventory of select target documents.

The GDPR compliance solution enables you to fully understand the structure of your information assets and corporate documents so that you can get the most value out of them.

Get your organization ready for GDPR!

“In May 2018, the General Data Protection Regulation comes into force. Many new and stringent requirements, related to personally identifiable information (PII), need to be addressed immediately. All organizations with more than 250 employees and doing business with EU citizens must comply. The challenge, for most organizations, is that documents containing PII are omnipresent, well beyond traditional ERP systems, in email systems, file shares, ECM platforms, cloud repositories, etc.”

Do you know about the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a law designed to protect personal data.

GDPR harmonizes data privacy laws across Europe. The law extends regulations to corporations that operate in Europe.

GDPR provides for the protection, processing, and movement of personal data. It covers information used to identify or profile a person to evaluate, analyze, or predict behavior.

The law protects individuals who give information freely and applies to organizations that collect or process personal data. GDPR applies when specific, informed, and explicit consent is given by statement or action to signify agreement to process personal data.

GDPR also applies to situations where a data breach leads to accidental or unlawful access to or destruction or misuse of personal data. The law covers biometric data relating to physical, physiological, or behavioral information of an individual and their unique identification. It also relates to inherited or acquired data, biological sample data, and health or physiological data.

GDPR was approved by the EU Parliament on April 14, 2016, and will be enforced on May 25, 2018.

Non-compliant firms will face heavy fines. GDPR applies to businesses that process personal data of people residing in the European Union. If a business breaches GDPR, fines can amount to 4% of annual global revenue or €20 million (whichever is greater). When a customer does not provide sufficient consent to process data or when consumer records are not in proper order, fines can amount to 2% of annual global revenue.

When a business does not adequately notify a supervising authority about a data breach or fails to conduct a proper impact assessment, fines can amount to 2% of annual global revenue. Notification of a data breach must take place within 72 hours of a breach.

GDPR makes it necessary to confirm the processing of personal data. A business must stipulate where personal data is being processed and for what reason. A request to give or withdraw consent must be intelligible in an easy-to-access form that is clear and distinguishable. Individual data subjects have the right to have their personal data erased and for any dissemination to end. GDPR creates an internal record-keeping requirement. Businesses that systematically monitor data subjects on a large scale are required to appoint a data protection officer (DPO) to cover core activities related to the processing of personal information. Data subjects have the right to obtain a copy of personal data processed by electronic means. The law also applies to data transferred from a controller to another controller of personal data.

A business must engage a DPO when data processing is a core activity. GDPR specifically applies to businesses that process health, religious, or political beliefs data. The law applies to businesses with over 250 employees that process personal data of over 5,000 data subjects in a 12-month period. Personal data includes the name, photo, email address, bank information, social media website information and posts, medical information, and/or computer IP address. Parental consent is required to process personal data of children under the age of 16 for online services.

What will you do to comply with GDPR?

This new law is important! It can also be damaging and very expensive. How will you comply with GDPR? The only reasonable approach is to audit your information. An Info-Audit provides tangible proof of compliance. You need to demonstrate that you have control of personal data. GDPR is significant legislation designed to improve the management of personal information. Information management begins with an information audit of personal data in systems, databases, and documents. You need to demonstrate effectiveness of personal data management practices.

An Info-Audit would help you identify personally identifiable information (PII) or sensitive personal information (SPI) in your digital assets.

You need to comply with the following:

  • Data Security Breach

    Companies that process personal data must prepare for a data breach. Policies, controls, and procedures must be in place to ensure compliance. The ability to react quickly to a data breach is vital.

  • Accountability Framework

    Businesses that collect and process personal information must continuously monitor, review, and assess how data is processed. A business's need to retain processed data will be scrutinized to minimize exposure.

  • Systematic Validation

    Companies need to demonstrate compliance and effectiveness of information management practices.

  • Legitimate Grounds for Retention

    Businesses must demonstrate legitimate grounds for retaining subject information.

  • Audit Personal Data

    Businesses must demonstrate management of data consent. This includes how consent is given and taken away to ensure businesses are compliant and can bear the burden of proof.

  • Cross-border Data

    The impact of transferring personal data across borders can be severe. Businesses should consider adopting binding corporate rules to facilitate intra-group transfers of data. It is important to demonstrate processing time from when personal data is collected. The intent of GDPR is to control use of personally processed information.

This specifically applies to personal data that is disseminated to third parties or sold or rented out. The law also applies to personal data retained in encrypted forms.

What GDPR gives you:

  • Information about all digital assets (files, databases, email, etc.) located on servers, desktop PCs, laptops, etc.
  • Information gathered from unstructured data sources such as email, including attached documents and compressed files.
  • References to all personal information using a powerful semantic API to extract, parse, and contextualize PII and SPI
  • Evaluation of all SPI and PII data utilizing special GDPR algorithms to assess personal data
  • Relationships between all SPI and PII data and how this data combines with other types of personal information
  • Maps that model data relationships between structured (spreadsheet, etc.) and unstructured data in documents, etc.
  • Complete view of PII and SPI in dashboards that can integrate with other business intelligence (BI) tools

 

As you can see, an Info-Audit can help you comply with GDPR. It is the first logical and technical step to understand whether you comply with the scope of GDPR mandates.

Additionally, you gain huge amounts of insight that will help you improve your information management practices.

If you are not in compliance with GDPR, you’ll get actionable insight by identifying what you need to correct. Most importantly, an Info-Audit will provide you with the strategic information you need to improve operational performance.

How can we help?

The GDPR compliance solution can help your business comply with GDPR mandates. We offer this unique service to help you take inventory of your information assets. You benefit by producing proof of compliance with GDPR.

GDPR compliance solutions

To appreciate the implications of GDPR, consider the kinds of information you need to audit. What should be of immediate concern is information used to distinguish and classify individuals.

The National Institute of Standards and Technology defines personal information based on the following:

  • Full name
  • Home address
  • Email address
  • National identification number
  • Passport number
  • IP address
  • Vehicle registration
  • Digital identity
  • Date of birth
  • Birthplace
  • Genetic information
  • Telephone number
  • Login names
  • Screen names
  • Nicknames
  • Handles
  • Automotive plate number
  • Driver's license number
  • Facial information (photo)
  • Fingerprint images
  • Handwriting (signature)
  • Credit card numbers

Much of this information is commonplace. That’s why an Info-Audit is so important. Personal data is everywhere! You need to protect this kind of information more effectively. GDPR is a first step. Other types of regulations will surely follow in the years to come.

↠ Get control of your information assets today! ↞
↠ We can help! ↞