GDPR Compliance, Simplified (Really)
But GDPR compliance doesn’t have to be scary.
Data443’s GDPR Engine couples a GDPR-specific workflow with the ClassiDocs™ platform to facilitate fast and easy GDPR compliance, including identity, data classification, customer eDiscovery, identity governance, and reporting – in one box.
Critical response to 12 of the most important GDPR articles is fast tracked via a robust, simple-to-use workflow that allows full customization, search, and remediation based on personal identifiable information (PII).
Schedule a demo today to learn how Data443 can keep your organization on the right side of GDPR.
Which GDPR Articles Does Classidocs Help Me With?
Article 14 - Information to be provided where personal data have not been obtained from the data subject
The accurate and ongoing inventory features of ClassiDocs will enable your people, processes and systems to rely on the inventory collected (point in time and ongoing) to indicate potentially where some data sources are outside of the data requestor (for example – a credit rating agency feed). This inventory may be used in your response services to clients.
Article 15 - Right of access by the data subject
As part of the inventory process – you will learn which systems, platforms and applications the subjects’ data resides. In most cases, you will be able to identify these locations as processing locations, including the type, frequency and location. This information, coupled with the point in time and ongoing inventory monitoring will assist in your response to data subjects queries.
Article 16 - Right to rectification
As ClassiDocs will expose all locations that the PII data related sets were discovered, your manual and automated processes may be enabled by using this data inventory to correct any inaccuracies. The corrections may be completed via batch or manual processes (within custom applications for example, or specific spreadsheets may be updated)
Article 17 - Right to erasure (‘right to be forgotten’)
As part of the ClassiDocs data inventory reporting and API interface, you will be able to expose to enabled users or systems the exact location (and sometimes operating platform/database) where the user subjects’ data resides. Mass ‘deletion’ of this user information via brute force methods are not safe or effective – thus most organizations will have to create a process/workflow to manually remove the data subjects’ information set from the identified repositories. However, ClassiDocs will continue to provide an ongoing and accurate inventory of the data subjects’ PII in scope, and report on outstanding instances – documenting/certifying when the data sets have been removed.
Article 18 - Right to restriction of processing
ClassiDocs will expose all locations that the PII data related sets were discovered and make them available to any of your processing systems. This information may also be tagged with custom information (including processing flags) and may be referenced via external platforms (for example – a marketing system may check with ClassiDocs first to see if ‘lastname=Smith’ is allowed to be utilized in this fashion. Any system (human or automated) may use this interface to confirm processing acceptance.
Article 19 - Notification Obligation regarding rectification or erasure of personal data or restriction of processing
As all locations that the PII data related sets that were discovered are made available directly via web interface and API – your ability to response and certify that any changes required on behalf of the data subject have been carried out (change, removal, rectification, process exclusions, etc.). This information set may be integrated to any customer-facing web property and/or to customer reporting/support staff services.
Article 20 - Right to data portability
We will be able to report to you (and thus the requester) in a structured API-enabled method all occurrences of the data subjects’ request for ‘data concerning him or her’. ClassiDocs will have on record all unstructured data sets (documents, files, PDFs), and structured data sets (Database Tables) and will report instances of where the requestors PII information resides. After reporting this, you may use tools and processes to remove or relocate the data subjects’ information as per the request. ClassiDocs will monitor ongoing, and alert specifically – if any new PII information regarding the data subject is discovered.
Article 21 - Right to object
In addition to enabling you to respond via your existing processes to removal requests (using a custom application to remove their record, archiving existing Excel or Word documents, destroying fax’s that are PDFs), any end-user facing portal or system will be able to query ClassiDocs for updated information regarding the data subject. That is, as your processing continues – you will be able to expose to any system (portal, customer support centre, etc.) the exact status of your information removal progress. In instances where the information is allowed to reside but not allowed to be marketed to (for example – scientific research studies), ClassiDocs will allow custom flags to be set on the dataset to indicate use parameters – that other systems may read for their processing
Article 22 - Automated individual decision-making, including profiling
As part of the builtin Data Governance capability features of ClassiDocs – the administrator will be able to make data protection and location descisions based on myriad conditions. Due to the nature of its open API interfaces, ClassiDocs will be able to trigger virtually any external system, process or notification based on conditions. Some examples include: (if data_user = german; move_word_doc to DE data centre) or (if data_user_property = HealthConditionReport; Encrypt_Excel_file with xyz product). All conditions execute on live or batch conditions – and may run continuously. This ensures you are able to validate ongoing data controls and processes based on condition.
Article 30 - Records of processing activities
As ClassiDocs maintains a running ledger of all locations that the data subjects’ information set may reside, the application of knowledge-based inference is a recommended approach towards partial conformance to this requirement.. In other words, when you know the PII information resides in database XYZ – you may deduce that that specific database is utilized by information processing application ABC, and thus be able to report to the requestor more specific information about the information processing, location and uses being utilized.
Article 32 - Security of Processing
Due to the initial point in time and ongoing data inventory tracking and alerting inherit in ClassiDocs – you will be able to apply your inhouse knowledge of the capabilities and services provided by the platforms that store, manage and house the data set in question. You will be able to apply your Risk and Controls matrix against the data locations in scope and report on your organizations capabilities related to the security of processing of the data subjects information.
Article 35 - Data Protection Impact Assessment
Due to the initial point in time and ongoing data inventory tracking and alerting inherit in ClassiDocs – you will be able to carry out the tasks assigned in Article 35 with efficiency and accuracy. Additionally, your normal data security controls may be enforced with greater certainty when your information inventory is highly accurate, and all data types identified are accurately classified according to their sensitivity and regulation requirements.