For multinational companies, today is the time to act on GDPR. WHY? There is an adage which holds true here – A stitch in time saves thine! You don’t need to do a whole lot; a ‘stitch with OvalEdge’ can be your vital first step. Being GDPR ready can save companies from financial and reputational losses and can also prop them to gain a massive competitive advantage. The EU’s General Data Protection Regulation, or GDPR gets enforced beginning May 2018. It will set new benchmarks for consumer data privacy.
If your company has an online presence, a website that can be accessed by any person in the world (which you more than likely do), then you need to be aware of what’s going on with GDPR. Here are some key points that U.S. businesses should have in their mind regarding GDPR:
GDPR stresses consent above all else. GDPR requires the data subjects to provide explicit permission for the processing of their data. Data subjects also have the right to withdraw consent. GDPR also specifies that controllers should get “explicit consent” for special categories of personal data as well as parental consent for processing data of children up to 16 years old.
GDPR requires controllers to notify the supervisory authority in the member state no later than 72 hours of a breach. It also elaborates on data security requirements to protect personal data, including measures for pseudo-anonymization, efforts to ensure integrity, the confidentiality of processing systems which provide access to personal data in case of a system failure or physical event.
The regulation now introduces the right for individuals to request deletion of their data. Data Controllers would need to delete any personal data related to an individual, based on the request or if the data is no longer needed. If you share data with other companies, you will need to notify them of the individual’s request.
OvalEdge can identify personal data as defined by GDPR by cataloging the entire metadata and profiling the complete data in your various databases. Our powerful algorithms precisely identify sensitive data and update the metadata in a centralized repository.
OvalEdge can be a vital tool in monitoring the right to be forgotten aspect of GDPR. When you get a request for carrying the right to be forgotten, OvalEdge can scan all the databases and can tell precisely where customer’s personal data resides. Then you can create internal processes to delete that data from all the databases. Finally, you can validate this process by running a query to all the databases through OvalEdge, that all the data pertaining to the request has been deleted.