GDPR impact assessment: addressing the impact of GDPR

Organizations need to address the impact of GDPR on them using sophisticated and robust data identification tools. Impact is determined by learning how to:

  • Identify areas of high-risk data processing, including, for example, monitoring the behavior of individuals and data.
  • Find where personal data is being stored once it is collected.
  • Find the data that must be archived or disposed of with respect to data retention regulation.
  • Identify sharing violations of private data across geo-locations.

Main GDPR points covered by MinerEye Data Tracker™

What data do we collect?

MinerEye Data Tracker™ is a big data analytics platform for automatic identification of sensitive data. It profiles sensitive data according to exemplar files and classifies them into clusters of similar data.

Data Tracker™ allows the user to view (and later act upon) all the similar sensitive data across the organization, enabling them to control and monitor the private and sensitive data.

Data Tracker™ exposes and illuminates exactly the data that requires exposing, without any prior rules, mapping the files that need handling in order to comply with regulations.

Are we gathering too much data?

MinerEye Data Tracker™ shows exactly where all duplications, permutations and versions of the private and sensitive data reside in all corporate repositories and external cloud storage. It can also alert on sharing violations of private and sensitive data across geo-locations (i.e. out of EU geography).

How do we process the data?

MinerEye Data Tracker™ provides full information on the clustered sensitive files, including all the relevant properties, such as file type, file name, the date it was last modified and by whom, and so on. The system generates a report of outliers from a given criterion, e.g. outliers from a designated location, user, time etc. The MinerEye Data Tracker™ data map holds a textual taxonomy of the text elements of all the textual documents in a cluster, so that a specific string can be searched. Sophisticated pattern recognition algorithms can automatically match database tabular data against clusters and alert on data that is suspected to be either private or sensitive and that resides in multiple locations, e.g. all documents (Word, PDF, Excel) that contain customers' addresses and bank details originating from the company’s CRM.

GDPR key points

GDPR rules pertain to two types of data, personal data and sensitive personal data.

· Examples of personal data: name, address, phone, birthday, education, job, and so on.

· Examples of sensitive personal data: taxes, social security number, race, ethnicity, religion, health information, sexual preferences, biometric data, and so on.

The rules apply to companies that process personal data. Processing the data includes: collecting the data, reading, editing, comparing, transmitting and storing the data. Companies may process personal data only to the extent that it is in accordance with the objective. Afterwards, the company must delete or anonymize the data.

1. The data subject now has the “right to be forgotten” – meaning, the right to limit the processing, the right to data portability and the right to object against profiling and direct marketing.

2. Processing personal data requires valid implicit consent from the data subject. For example: checking a consent box when filling out a form online.

3. According to the rules, some companies must hire a Data Protection Officer (DPO). It is mandatory for public authorities and companies whose main activity is processing personal data. The DPO’s job is independent and his/her responsibility is making sure that the company is in compliance with the rules, and that fitting technical and organizational measures have been implemented and are compliant as well.

4. Data breaches must be reported to the proper authority immediately when detected. The company must then account for where the data breach happened, what data was affected and whose personal data was breached.

GDPR rules have sharpened the demands on companies that process data, and many companies are facing the challenge of answering the following questions:

  • What data do we collect?
  • Are we gathering too much data?
  • How do we process the data?
  • Do we need to limit the access to data (also for employees)?
  • What kind of technology/software do we use and how does it process data?
  • Are we sure that the data is not used for other purposes than the original purpose?
  • Are there systems that can help us be compliant with the rules?
  • How can we build privacy by design/default into our company?

Statistics on US companies operating in the European market:

· 8% of US companies are planning to conduct a full audit of EU personal data manifestation.

· 24% of US companies claim that: “We probably won’t be compliant by May 2018”.

· 9% of US companies are planning to use/maintain policies/procedures for the anonymization and de-identification of personal data.

What are your budgetary technology priorities to ensure compliance over the next 12 months to address GDPR compliance? 22.8% will increase spending on Data Classification tools for GDPR compliance.
