The General Data Protection Regulation (GDPR) is designed to give individuals control over their personal information by increasing the transparency of where their information is going.
GDPR “harmonizes data privacy laws across Europe, protects and empowers all EU citizens’ data privacy and reshapes the way organizations across the region approach data privacy.”
EU citizens shall have the right to obtain from the controller confirmation as to whether personal data are being processed, and where that is the case, access to the personal data.
Also known as “The Right to be Forgotten”, EU citizens have the right to erase personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
Data subjects have the right to obtain “restriction of processing” from the controller in certain circumstances, limiting the way an organization uses their personal data instead of requesting erasure.
Personal data must be kept in a form which permits the identification of data subjects for no longer than is necessary for archiving purposes, including protection against unauthorized processing and against accidental loss or destruction, using appropriate technical measures.
Data controllers must implement appropriate technical measures for ensuring that, by default, only personal data which are necessary for each specific purpose are processed. This applies to the amount of personal data collected, the extent of processing and the period of storage and accessibility.
Data controllers must maintain records of processing activities, including categories of data subjects and personal data, the envisaged time limits for the different categories of data, and a general description of technical and security measures.
An important component of GDPR is a DSR. This is a formal request by a data subject (user/employee) to a controller to take an action (change, restrict, access) regarding their personal data.
Under GDPR, a personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Breach notifications are required, and the processor shall notify the controller without undue delay after becoming aware of a personal data breach.
The DPIA is a new requirement under the GDPR as part of the “protection by design” principle. According to the law:
Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
Companies subject to GDPR are advised to strictly comply with GDPR in order to avoid the risk of heavy financial fines. One way to ensure compliance is through 17a-4 DataParser.
A communications and content archiving tool, DataParser is instrumental in archiving and retaining customer data in order to comply with GDPR. DataParser is the simplest and most affordable way to achieve data compliance because it leverages your existing infrastructure.
DataParser extends the ability of your email archive to capture non-email communications, such as:
Once these content types are ingested into your current email archive – whether on-prem or in the Cloud – the data can be retained, searched during eDiscovery and reproduced for regulator inquiries and internal Information Governance.