GDPR - 3 aspects nobody told you
Three critical aspects for choosing the best GDPR solution
On 25 May 2018, the General Data Protection Regulation – GDPR for short – entered into force. Although GDPR is perhaps the most important set of regulations regarding personal data protection in the past 20 years at a European level, it is nothing new.
Find out below why personal data protection is actually part of the information management plan at the organization level and how Star Storage solutions can help you build a unified information governance policy and, implicitly, comply with GDPR rules.
Do you know what to do to avoid heavy fines that may amount up to €20 million or 4% of the global turnover?
Below you will find three critical aspects for choosing the best GDPR solution:
1. Keep in mind all users in the company, not just data protection specialists or the Legal department.
SEAL allows all users in your organisation to classify all business records according to the existing policies and manage information in a centralized manner throughout its life-cycle, while ensuring compliance with legal and industry regulations.
Advanced functionalities such as unlimited browsing perspectives, smart folders, dynamic security, rule-based automations, or smart workflows make SEAL the perfect tool to reach all goals associated with information management and, implicitly, with GDPR, by mere clicks and without writing any code.
Thus, the solution will definitely be adopted quickly by business users in the entire organisation and will allow you to mitigate risks associated with audit or legal processes and maximize the information value.
2. Use metadata to organize over 80% of the business content and identify personal data.
Metadata consist of the properties or descriptive information associated with a document or object. In fact, there is no unstructured content, only content without metadata. And without metadata, content is an agglomeration of “something undifferentiated” waiting to be managed.
In SEAL, it’s all about metadata. Building on pre-defined functionalities for extracting and managing metadata, SEAL provides not just a unified view of personal data, but also a complete solution that allows storing, searching, retrieving, browsing and displaying content in unlimited perspectives, defining security policies and sharing data outside the organisation without sacrificing compliance with GDPR rules, information security or governance.
3. Promptly answer requests via permanently auditable processes.
Companies that manage personal data must answer all requests from data subjects within a 30-day timeframe. In practice, however, these data are shared in various locations and apps, and it seems quite difficult to stay within this deadline and avoid fines.
SEAL is the solution in this case, too. Hundreds of organisations already use it for unified management of content created and collected from business operations and data taken from old apps or systems in a single safe location, compliant with GDPR rules. Thus, all requests can be addressed by permanently auditable processes within the legal deadline.
Correlation between SEAL and the key GDPR articles
Article 7(1): Conditions for consent
Organisations must be able to prove that data subjects have given their consent for the processing of their personal data, including the terms, conditions and the specific purpose for which the consent was obtained. Consent can be collected by various systems and in various forms.
How can SEAL help you?
To manage consent proofs associated with records about the data subject, which may exist in multiple systems, SEAL imports and stores content and associated metadata, including the intention of data use, for unified management of such data. Consents can be stored in SEAL as customized metadata and can trigger automatic security rules.
Article 12(3): Transparent information and communication
Organisations managing personal data must answer any request from data subjects without undue delay, within one month of receipt of the request. If your information, both data and content, is shared in various sources and not managed in a unified manner, on a single platform, sticking to this deadline will be very difficult. Exceeding this deadline exposes the organisation to the risk of heavy fines.
How can SEAL help you?
SEAL can manage all the data and static content created and collected during business operations and/or imported from old systems. This information, together with its associated metadata, is stored in accordance with the rules of the industry and the legislation in force for the geographical area in question. As all the information is stored in a secure unified electronic archive compatible with the legal regulations, the one-month deadline can thus be easily observed.
Article 15: Right of access by the data subject
At a European level, data subjects must be able to view and export their personal data in an electronic format at any time. Furthermore, data subjects are entitled to be provided with information regarding all their personal data stored by organisations.
How can SEAL help you?
SEAL allows data subjects to view and export their personal data via smart folders, customized and created automatically based on the metadata. They include all the static data and content imported by SEAL from old apps and active business applications in the production environment.
Article 17: Right to erasure of data (“right to be forgotten”)
The right to erasure (right to be forgotten) states that “The principle on which this right is based is that of allowing an individual to request the erasure or removal of his or her personal data, if there is no plausible reason to continue to process them.”
The main characteristics that a record management solution should provide to the beneficiary are classifying and searching.
How can SEAL help you?
Audit processes give organisations the necessary motivation not just to comply with GDPR rules, but also to build a unified information management policy in accordance with the requirements of the industry and the legal regulations. With SEAL, data erasure can be programmed. If this, however, is in contradiction with an industry regulation, the data will be stored for a certain period of time and cannot be erased until the end of this period. This contributes to lowering the company’s degree of exposure and risks, without losing sight of information governance.
Article 20: Right to data portability
The right to data portability requires organisations to provide the data subject’s personal data in a commonly used format and to transfer such data to another controller, if the data subject requests it. The right to data portability only applies when the personal data processing was initially based on the user’s agreement or on a contract. It does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
How can SEAL help you?
SEAL has the capability to create data collections and export them in a commonly used format, such as CSV, PDF etc. The data can also be transferred to another controller. The transferred data will then be erased if the regulations in the field allow it. Otherwise, the information will be stored and erased in accordance with the prevailing regulations.
Article 28(3)(G): Deleting inactive data
GDPR requires organisations to delete personal data that have been inactive for a predetermined period of time, if requested by the data subjects. All copies of such data must also be deleted, unless the law requires otherwise.
How can SEAL help you?
When a data subject’s account has been inactive for a predetermined period of time or if the data subject requests it to be deleted, such data will be deleted from SEAL after the mandatory contractual period of time, which may be easily added into the file plan, except when EU or national law explicitly requires the storage of personal data.
Find out how SEAL can ease the GDPR journey for your organization. Drop us a note at office@star-storage.eu or on our contact page.