Skip navigation

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is designed to give individuals control over their personal information by increasing the transparency of where their information is going.

GDPR “harmonizes data privacy laws across Europe, protects and empowers all EU citizens’ data privacy and reshapes the way organizations across the region approach data privacy.”

General Data Protection Regulation GDPR

The European Council and governing bodies implemented GDPR to keep up with the current data-driven world.

GDPR requirements include:

Right of Access

EU citizens shall have the right to obtain from the controller confirmation as to whether personal data are being processed, and where that is the case, access to the personal data.

Right to Erasure

Also known as “The Right to be Forgotten”, EU citizens right to erase personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

Restrictions on Processing

Data subjects have the right to obtain “restriction of processing” from the controller for certain circumstances to limit the way an organization uses their personal data and instead of requesting erasure.

Data Processing

Personal data must be kept in a form which permits the identification of data subjects for no longer than is necessary for archiving purposes, including protection against unauthorized processing and against accidental loss or destruction, using appropriate technical measures.

Data Protection

Data controllers must implement appropriate technical measures for ensuring that, by default, only personal data which are necessary for each specific purpose is processed. This applies to the amount of personal data collected, the extent of processing and the period of storage and accessibility.

Record Keeping

Data controllers must maintain records of processing activities, including categories of data subjects and personal data, the envisaged time limits for the different categories of data, and a general description of technical and security measures.

An important component to GDPR is a DSR.  This is a formal request by a data subject (user/employee) to a controller to take an action (change, restrict, access) regarding their personal data.


Under GDPR, a personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Breach notifications are required, and the processor shall notify the controller without undue delay after becoming aware of a personal data breach.


The DPIA is a new requirement under the GDPR as part of the “protection by design” principle. According to the law:

Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

How 17a-4 can help you with GDPR compliance

Companies subject to GDPR are advised to strictly comply with GDPR in order to avoid the risk of heavy financial fines. One way to ensure compliance is through 17a-4 DataParser.

A communications and content archiving tool, DataParser is instrumental in the archiving and retaining customer data in order to comply with GDPR. DataParser is the simplest and most affordable way to achieve data compliance because it leverages your existing infrastructure.

DataParser extends the ability of your email archive to capture non-email communications, such as:

  • Social media (YouTube, Twitter)
  • Enterprise collaboration (Zoom and MS Teams)
  • Enterprise IM (Slack and Jabber)
  • Financial platforms (Bloomberg and Symphony)
  • Cloud-based files (OneDrive and SharePoint Online)

Once these content types are ingesting into your current email archive – whether on-prem or in the Cloud – the data can be retained, searched during eDiscovery and reproduced for regulator inquiries and internal Information Governance.

Tell me about DataParser