GDPR Regulatory Compliance Gotcha's The Right to be Forgotten and Protecting Personal Data Scattered Across Multiple Files
BUFFALO GROVE, IL, September 06, 2017 /24-7PressRelease/ -- BigDataRevealed(BDR) announces the immediate availability of the Discover, Secure, Manage and Encrypt facility that provides for organizations following the BigDataRevealed process to greatly reduce their risk of GDPR non-compliance. For those not familiar with GDPR and the rapid introduction of privacy regulations sweeping the globe, here is a short introduction of what it means to comply with "the right to be forgotten".
If you have any Data Subjects (Consumers, Employees, Suppliers, Partners, Citizens, Patients etc) sharing their identity with you from Europe or while traveling in Europe, you have to take the new GDPR regulations seriously, which requires you to be able to identify all the information you have about a Data Subject, whether identified by key data items (national insurance number, social security number, name, address, credit card numbers, etc.) or indirect information that allows a Data Subject to be identified when multiple fields are grouped together (address, professional affiliations, HIPAA and other medical records or any other information that allows the identification of an individual).
GDPR calls for an individual to have the Right to be Forgotten from data that has been entrusted to you, whether stored within your four walls, in the cloud, or stored with partners who participated in your digital ecosphere (PayPal, Priceline, Saavis, Amazon, Google, or any other firm which houses information on your behalf or on the behalf of your platform partners storing Data Subjects information in their environment). If your consulting partner has told you that they have you covered and they will build a database to house all your Data Subject information so that they can be forgotten, you will be unfortunately surprised when the regulators impose stiff fines due to your non-compliance. Organizations have until May 2018, or less than a year to implement a program that allows Data Subjects to request to be forgotten.
To meet your privacy obligations as imposed by GDPR, PrivacyShield, IDP, and a host of other privacy regulations surfacing around the globe, some key components which your consulting partner forgot to tell you about are required:
1. You must be able to identify where privacy information exists within your four walls. That means if a clerk wrote credit card information in comment fields for their convenience, you must be able to identify and delete this information.
2. If a system change was implemented which stores credit card information in an address field because it was too hard to change the system to accommodate the needs of a platform used to conduct business, you must be able to identify and delete this information.
3. If you are stripping information from Facebook, Twitter, Instagram, or other social media sites, you must be able to identify and delete this information.
4. And if you use Amazon as a sales platform or PayPal as a billing platform and they store information on your behalf, you must be able to delete this information.
So just what does it mean to delete Data Subject information? We believe the only way you can be sure that you are protected from compliance issues with the global privacy law and more importantly, protecting your reputation from hackers maliciously using information obtained from your environment or partners representing you, is to have a solid engine that allows you to identify data items that expose you to potential privacy regulation issues, encrypt the information available to wandering eyes (which would protect you as far as regulators are concerned) and manage the values requiring dispensation to a highly secure area.
Fortunately, when we identified shortcomings with the big data environment that made it difficult to identify information and patterns of information, we constructed an intelligent catalog and the necessary descriptive context required to codify and schedule rules which can be used to discover patterns. We extended this capability with world class Encryption, Management and Security processes which are specifically designed to dispense with potential privacy lapses. Because of the way we are specifically designed for pattern recognition, the identification and dispensing of direct and indirect identifiers is easily accomplished, and repeat offenses of incoming streams of data are easily identified for your special attention.
We welcome the opportunity to show you how we have approached the process to comply with privacy regulations, and why our approach is different than others.
[email protected] (847) 440-4439 For more information on EU GDPR Click here gdpr.institute
About BigDataRevealed: BigDataRevealed is a company whose mission is to deliver tools to improve the usability of the big data environment. BigDataRevealed's flagship product, the intelligent catalog is the central core of all capabilities offered by BigDataRevealed, including the out of the box analytic capabilities extended to the big data environment. BigDataRevealed is driven by a core team relentless in devising capabilities not offered through the core capabilities available from the traditional big data vendors. One of these capabilities is the Secure/Sequester and Encrypt facilities, which extends the intelligent catalog through processes devised to ensure the identification and capture of potential PII issues whether introduced to big data through data feeds, real time data streams or other means.
# # #