GDPR impact assessment addressing the impact of GDPR
Organizations need to address the GDPR impact on them using sophisticated and robust data identification tools. Impact is determined by learning how do we:
Main GDPR points covered by MinerEye Data Tracker™
What data do we collect?
MinerEye Data Tracker™ is a big data analytics platform for automatic identification of sensitive data. It profiles sensitive data according to exemplar files and classifies them into clusters of similar data.
Data Tracker™ allows the user to view (and later act upon) all the similar sensitive data across the organization, enabling them to control and monitor the private and sensitive data.
Data Tracker™ exposes and illuminates exactly the data that requires exposing, without any prior rules, mapping the files that need handling in order to comply with regulations.
Are we gathering too much data?
MinerEye Data Tracker™ shows exactly where all duplicates, permutations and versions of the private and sensitive data reside in all corporate repositories and external cloud storage. It can also alert on sharing violations of private and sensitive data across geo locations (i.e. out of EU geography).
How do we process the data?
MinerEye Data Tracker™ provides full information on the clustered sensitive files, including all the relevant properties, such as file type, file name, the date it was last modified and by whom, and so on. The system generates a report of outliers from a given criterion, e.g. outliers from a designated location, user, time, etc. The MinerEye Data Tracker™ data map holds a textual taxonomy of the text elements of all the textual documents in a cluster, so that a specific string can be searched for. Sophisticated pattern recognition algorithms can automatically match database tabular data against clusters and alert on data that is suspected to be either private or sensitive and is found in multiple locations, e.g. all documents (Word, PDF, Excel) that contain customers' addresses and bank details originating from the company's CRM.
GDPR key points
GDPR rules pertain to two types of data, personal data and sensitive personal data.
· Examples of personal data: name, address, phone, birthday, education, job, and so on.
· Examples of sensitive personal data: taxes, social security number, race, ethnicity, religion, health information, sexual preferences, biometric data, and so on.
The rules apply to companies that process personal data. Processing the data includes: collecting the data, reading, editing, comparing, transmitting and storing the data. Companies may process personal data only to the extent that it is in accordance with the objective. Afterwards, the company must delete or anonymize the data.
1. The data subject now has the “right to be forgotten” – meaning, the right to limit the processing, the right to data portability and the right to object against profiling and direct marketing.
2. Processing personal data requires valid implicit consent from the data subject. For example: checking a consent box when filling out a form online.
3. According to the rules, some companies must hire a Data Protection Officer (DPO). It is mandatory for public authorities and companies whose main activity is processing personal data. The DPO’s job is independent and his/her responsibility is making sure that the company is in compliance with the rules, and that fitting technical and organizational measures have been implemented and are compliant as well.
4. Data breaches must be reported to the proper authority immediately when detected. The company must then account for where the data breach happened, what data was affected and whose personal data was breached.
GDPR rules have sharpened the demands on companies that process data, and many companies are facing the challenge of answering the following questions:
Statistics on US companies operating in the European market:
· 8% of US companies are planning to conduct a full audit of EU personal data manifestation
· 24% of US companies claim that: “We probably won’t be compliant by May 2018”.
· 9% of US companies are planning to use/maintain policies/procedures for the anonymization and de-identification of personal data.
What are your budgetary technology priorities to ensure compliance over the next 12 months to address GDPR compliance? 22.8% will increase spending on Data Classification tools for GDPR compliance.