GDPR - the General Data Protection Regulation - has been a massive topic of conversation and controversy before going into effect on the 25th of May. The fact is that any company dealing with information of EU citizens must comply with the rules for the protection of individuals' data. Still, many firms continue to struggle with understanding the guidelines and making sure that they are 100% compliant. It is a challenge that takes a fair amount of budget and resources to solve. But do not worry, there is light at the end of the tunnel: software companies have implemented GDPR-specific products that offer support for streamlining processes around GDPR requests.
Last week we conducted a webinar on the topic of GDPR and demonstrated how reports about Personally Identifiable Information (PII) can be retrieved from structured and unstructured data. This blog post highlights the main talking points of this webinar.
What is GDPR?
GDPR is a regulation in European Union law which went into effect on the 25th of May this year. The regulation focuses on data protection and privacy for all individuals within the EU and the European Economic Area. However, the effects of GDPR reach well beyond European borders: it is not only relevant for all US companies who have customers and prospects in the EU, but the general thinking behind GDPR has also spread worldwide. California has just introduced a privacy act which draws heavily on GDPR, and this is probably only a starting point for further regulations.
Why was GDPR implemented?
GDPR is supposed to harmonize the privacy laws across Europe, as there were considerable differences in how data protection was handled before May. Whereas Germany has always been very strict, other European countries had looser regulations. The thinking behind it is to give individuals more control over their personal data no matter where they live.
Main goals of GDPR:
- harmonize data privacy laws across Europe
- protect and empower every EU citizen’s data privacy
- reshape the way organizations across the region approach data privacy
GDPR also replaces the Data Protection Directive 95/46/EC, which had been in effect since 1995. As our world is becoming increasingly data-driven, updated guidelines were more than needed. In the 90s, we had several technical devices like cameras, phones or computers, but none of them were connected. Nowadays Alexa, Siri, Google Home etc. hold a lot of your data and send it across devices all the time.
In 2017 alone, there were more than 2.6 billion breached data records - and 1,756 data breach incidents. Before GDPR was implemented, more than 50% of all breaches involved an unknown number of data records because the information was not publicly available in the breach disclosure.
How tools can help with GDPR compliance
GDPR comes with severe penalties for companies who do not comply - and they have to report breaches within 72 hours. That is a big challenge for companies who try to do it all manually.
With the right software it is much easier to become GDPR compliant. Let's take the right of access as one example: more and more companies are getting requests from employees to reveal all the data they have stored about them. For many companies, giving out this sort of information is not so easy, as the Personally Identifiable Information (PII) is not always stored in structured files. It could sit in unstructured documents, PDFs, emails, and archives.
Software solutions like ayfie Supervisor can help you "read" a vast amount of unstructured data within seconds, pull reports on all the indexed data and implement the solution effectively within your company. In this process, it is also ensured that no vital information is missed out in the reports.
Methods like these are much faster than doing it manually, which is what most companies do at the moment.
ayfie's approach for providing software that supports GDPR compliance
ayfie is a market-leading search and text analytics solution that deals with every kind of unstructured data. The difference between structured and unstructured data is that structured data is held, for instance, in a database or Excel spreadsheet, whereas unstructured data is natural language that can be stored in a Word document, PowerPoint file, PDF or other types of file formats. In unstructured data, it is not clear where the data point to be extracted is located.
With ayfie's mixture of statistical, machine learning and linguistic capabilities, extracting the data out of the unstructured document is possible. ayfie structures the data for you automatically by, e.g., identifying what is a personal name, an email or a phone number. All sorts of PII can be tagged in the document and accessed later on in a report.
ayfie's enterprise search product Locator, which builds an index of all available data via various connectors, is the basis of the GDPR solution ayfie Supervisor. All relevant documents from different data sources are pulled into a centralized system while respecting the security and privacy settings as well as the access level of all individual documents.
ayfie has a broad structured index of the documents and the metadata contained in those documents, and we provide a tool on top of that index called ayfie Supervisor. Supervisor gives Security Officers the ability to file reports and define which person is filing which kind of reports as well as which data should be included. These reports can be exported as CSV files or Excel spreadsheets so they can either be processed further in a different workflow step or handed out to individuals.
Here is an overview of how the process works:
The dashboard of ayfie Supervisor has various settings for widgets and looks as follows:
If you want to see the solution in action, watch the recording of the webinar from minute 16 here.
Additional GDPR materials
ayfie has created a fair amount of collateral to support you with GDPR.
Or you can inform yourself with all the collateral from our previous GDPR webinar: