Accelerate GDPR Compliance
Accelerate General Data Protection Regulation (GDPR) Compliance with Dataguise DgSecure
YES, YOU SHOULD COMPLY WITH THE GDPR.
The General Data Protection Regulation (GDPR) may have been created in the European Union (EU), but it applies to any organization, anywhere in the world, that controls or processes the personal data of EU residents. Taking effect on May 25, 2018, the GDPR is designed to increase individuals’ rights over their personal data and to increase accountability for data processors and controllers. You must have effective policies and processes in place to protect data privacy, as well as adherence to those policies and processes, and documented proof of both. Will your organization be ready?
WHY WORK WITH DATAGUISE ON GDPR COMPLIANCE?
The GDPR outlines specific requirements that must be met but not necessarily how to meet them. Certainly, there is no magic bullet, no single technology solution, that will make your organization “GDPR-compliant.” But there is one solution provider that can help you get there faster, with a stronger footing, than any other. Dataguise is the leader in sensitive and personal data governance and the only vendor to provide end-to-end personal data discovery and protection on a wide range of target data stores, all from a single platform. For more than a decade, we’ve been focused on safeguarding personal data in highly regulated industries, from financial services and retail to government and healthcare. Today, Dataguise DgSecure can detect, protect, and monitor both structured and unstructured data across your extended enterprise, on premises and in the cloud. Delivered with pre-built, customizable policies specific to “personal data” as defined in the GDPR, DgSecure puts you well on your way to GDPR compliance.
WHICH ASPECTS OF THE GDPR CAN DATAGUISE ADDRESS?
The GDPR is a massive piece of legislation. Complete and continual compliance requires a combination of people, process, and technology. As always, we recommend consulting your legal or compliance teams to determine your needs; but from a technology perspective, Dataguise DgSecure can help you address the following requirements of the GDPR:
• Locating Personal Data: Knowing and documenting the personal data your organization holds. This is the foundation of all GDPR compliance and involves identifying and reporting the exact location of all personal data in your data repositories, in all its varied and vague formats. That’s no small feat for any company, but it is especially challenging for large, global organizations with petabytes of data moving across cloud and on-premises environments. Dataguise DgSecure enables you to find, at the element level, the location of all personal data in your enterprise, whether in the cloud or on-premises. The DgSecure dashboard gives an aggregate view of the personal data exposure, with drill-downs to the element level.
• Protecting the Personal Data: Protecting the personal data, e.g., via pseudonymization (masking), encryption, and erasure (Articles 17, 24, 25, 32). The existence of appropriate safeguards, such as pseudonymization or encryption, may help you retain personal data for business processing by you or a third party, and will also reduce your compliance burden in the event of a data breach.
• Data Minimization: Article 5 of the GDPR requires “data minimization”, i.e. that only data that is absolutely required for the purpose at hand be processed. The intent is of course to eliminate unnecessary processing of personal data. In order to minimize the data being processed, you have to know where the personal data is, and you can then proceed to remove it. Pseudonymization or redaction, both supported by DgSecure, can be used for this purpose.
• Breach Analysis, Detection, and Reporting: Detecting, reporting, and investigating a personal data breach (Articles 33, 34): You’ll need to notify your supervisory data authority and/or affected data subjects as early as 72 hours after becoming aware of a high-risk data breach. As soon as possible you should be able to pinpoint exactly which data was exposed, how and when the unauthorized access occurred, and the measures you’ve taken to mitigate adverse effects. Alerting on unauthorized and/or unusual access to personal data, which DgSecure supports, will assist both in the detection of breaches and in the analysis of the damage done by any breach.
In addition to the above aspects of GDPR, DgSecure supports the following Data Subject Access Rights (DSAR) requirements:
• Right of Access: Upon request, informing individuals of the personal data you hold about them (Articles 13, 14, 15): The “right of access” mandate in the GDPR gives individuals the right to know what data you hold about them, how and why it is being used and accessed, and by whom. You must be able to retrieve and present this information within a reasonable time, not less than 30 days from request.
• Data Portability: As a corollary to the Right of Access, the GDPR’s Article 20 also requires that the data about an individual be available in a machine-readable form that can then easily be transmitted to a different controller or processor.
• Right to Erasure: Upon request, and within what is allowed by the law, individuals can request an organization to erase all personal information about them. DgSecure supports the back-end processing and automated flows required for scalable implementations of this “Right to Erasure” (described in Article 17 of the GDPR) functionality.
• Right to Restrict Processing: Similar to the right to erasure, an individual can request an organization to restrict processing for a limited period of time until the issues related to processing are resolved. DgSecure supports the implementation of the “Right to Restrict Processing” as described in Article 18 of the GDPR.
Data protection in the GDPR is about mitigating risk, not just for data subjects but for data processors and controllers as well. Fines could cost you up to 4% of your annual revenues or €20 million EUR, whichever is higher. A data breach could cost you even more. Contact Dataguise today to put your organization in the strongest position to comply with the GDPR in time for the May 2018 deadline.
About Dataguise
Dataguise detects, protects, and monitors both structured and unstructured data to help enterprises maximize the value of information assets while meeting PCI, HIPAA, GDPR, and other data privacy mandates. For more information visit www.dataguise.com.
DATAGUISE, INC. | 2201 WALNUT AVE. STE 260 | FREMONT, CA 94538 | 877.632.0522 | WWW.DATAGUISE.COM