• GDPR Solutions

    Leading Software for Privacy Regulations

GlassIG Overview on GDPR

In April 2016 the European Union passed into law the General Data Protection Regulation (GDPR), replacing the previous Data Protection Directive. GDPR, with its implementation date of 28 May 2018, brings a common approach to data protection across the European Union and its member states, affording a common level of protection to all data subjects within the Union.

GDPR provides further clarification of responsibilities that were previously outlined in the directive, plus some new responsibilities and stringent enforcement measures. Within Article 5 ‘The Principles’ the regulation stipulates that “The controller shall be responsible for, and be able to demonstrate compliance with paragraph 1 (‘accountability’)”. This is generally interpreted as meaning that organizations will ensure adherence to the principles and maintain documentation on how this is achieved.

Good data awareness and housekeeping are core to the ability to meet and maintain compliance with GDPR. GlassIG advocates that the additional effort required of organizations should not be isolated extra work, but proportional and informed processes and policies that enhance existing best practices associated with Information Governance and Information Lifecycle Management initiatives.

With this vision in mind, GlassIG provides a scalable and flexible platform to support clients with their initiatives in attaining and maintaining GDPR compliance. For how GlassIG aligns with clients' GDPR needs, refer to our core solutions on Personal Data Inventory, PII Extraction, and Data Minimization.

Data Inventory

Enable your organization to manage the evidence on GDPR Personal Data Inventory and analyze the inventory in order to support daily data protection tasks

1. Build your personal data asset library
2. Define personal data attributes

When embarking on attaining and maintaining GDPR compliance, knowing your personal data landscape is essential. Many initiatives are likely being considered or implemented, including gap analysis, security, contract and policy definitions, staff training and new processes for privacy impact assessment. Knowing where to start and how to prioritize can significantly reduce cost, risk, complexity, and timelines for attaining GDPR compliance.

If answering these questions is proving challenging, then your first port of call should be data mapping to generate a Personal Data Inventory (PDI):

  • What personal data does your organization collect, store or process?
  • What processes does your organization perform on the personal data it collects?
  • Where do we store and process personal data?
  • Do we outsource or utilize hosted capabilities for storing and/or processing personal data?
  • Do we have sufficient security in place to protect the personal data we process or store?
  • Do we know what basis for processing we use against each of the personal data categories we process and/or store?
  • Do we transfer personal data across international borders?
  • Do we dispose of personal data in accordance with its retention policy?

CAN YOU EASILY EVIDENCE ALL OF THE ABOVE?

GlassIG Personal Data Inventory (PDI) forms the foundation of a living record of your personal data landscape. It enables your organization to store the answers to these questions and more, and to analyse the inventory effectively in order to support daily data protection tasks.

PII Extraction

Scan and visualize PII data from your data repositories

GlassIG provides a unified catalog of all personal metadata and files at risk, wherever they are stored within a company, to ease search and retrieval scenarios and to execute actions on data in a centralized manner.

For example, in a data breach situation, the organization must rapidly assess the severity level of the case, identify key personnel in charge and get a list of all content and data subjects at risk. By automatically extracting all PII from unstructured content and referencing this data in GlassIG, the solution provides a comprehensive approach to simplify data subject requests and identification of content at risk during a data breach.

Data Minimisation

Avoid over-retaining personal data and reduce legacy stored data. Resolve conflicts between processing and requirements for the retention of data.

Indefinitely storing personal data beyond its intended use presents significant challenges. Over-retaining data increases:

  • Risk of exposure to the loss or breach of that data
  • Expense in the identification and collection of that data in the case of a subject access request
  • Cost of storage, back up and disaster recovery
  • Non-conformance to the core principles of GDPR and related sanctions

In order to avoid over-retaining personal data and to reduce legacy stored data, GlassIG advocates proactive data minimization programs. Although the benefits of risk and cost reduction, as well as conformance to the GDPR core principles, are well understood, the removal of data can be challenging. Conflicts between the purpose of processing and other statutory requirements for the retention of data can often cause ambiguity. To effectively facilitate the removal of data, well-defined retention and disposition policies are required, not only in alignment with the basis for the processing but also in accordance with these additional statutory requirements.

GlassIG Policy Management (PM) provides multi-jurisdictional policy definition that can include the retention decisions for personal data processing. In addition to its extensive retention policy definitions, GlassIG PM supports the needs of legal and regulatory data holds to avoid unintentional data spoliation. Having comprehensive documentation of retention and disposition policy and process makes data minimization achievable.
