Summary of GDPR
The European Parliament’s efforts to protect its citizens’ data gave birth to the much-awaited General Data Protection Regulation (GDPR). Adopted on May 14, 2016, GDPR took effect on May 25, 2018. The law applies to each member state of the European Union and aims to create a data protection strategy that covers both consumers and personal data. Firms and individuals not complying with the regulation will be met with stiff penalties and fines.
Does GDPR apply to your organization?
GDPR’s main aim is to implement a single data security law across all EU members so that each member state doesn’t have to come up with a law of its own. According to Article 3 of GDPR, the law applies to:
- All EU member states
- Any firm that sells its goods and/or services to Europeans, regardless of whether it is located in Europe or uses equipment in Europe
Where will non-compliance take your business?
Businesses that don’t comply with GDPR can be fined up to EUR 20 million or 4% of their annual global revenue, whichever is higher, in the event of a security breach.
A few key clauses under GDPR
GDPR puts data subjects in the driver’s seat. It urges businesses and organizations to comply with a set of rules that benefit the data subjects. A data subject is any person whose personal data is being collected, held or processed. Below are a few key clauses under the regulation:
- Right to know what data/information is being collected and processed online
  - Data subjects possess the right to access their personal data
  - They can request and receive a copy of their personal information collected by a firm
  - They can also receive certain information about how the data controller (any organization) processes their information

Kogni can help organizations comply with this clause. Anytime a consumer requests to access their data, organizations leveraging Kogni can pull the data up instantly from all available data sources.

- Right to opt out of businesses selling/reselling customers’ personal data
  - Data subjects can opt out of their data being processed for marketing purposes
  - They can opt out of their information being sold to third-party sales that support marketing purposes
- Right of data portability
  - A data subject can request a structured and machine-readable copy of their personal data
  - They can also opt to transfer the data to another data controller
- Right to deletion/erasure
  - Data subjects can request the erasure of their personal data
  - Businesses (data controllers) must also inform other businesses (third-party data controllers) that process such data to ensure complete deletion of the information

When a data subject initiates their right to deletion, organizations that use Kogni’s services can instantly collect their data from all available sources and comply with the clause well ahead of the stipulated duration.

- Right of rectification
  - Data subjects have the right to correct incorrect personal data
  - They also possess the right to complete incomplete personal data
- Right to restrict and object to processing
  - Data subjects possess the right to restrict data controllers from processing their personal data, under certain circumstances
  - They also have the right to object to their personal data being processed for various activities like profiling, marketing, statistical and scientific or historical research purposes
- Right to object to automated decision making
  - Data subjects can opt out of subjecting themselves to automated decision making, like profiling for marketing activities that have legal or other significant effects attached to the data subject, subject to a few exceptions
- Responding to rights requests
  - GDPR requires that the data controller (any business collecting/processing a subject’s personal data) verify the data subject’s identity before responding to a request
  - It also requires that any request by a data subject be attended to within one month of placing it. The data controller may take two more months if needed, after notifying the data subject
  - If the data controller is not able to comply with a data subject’s request, they must give the latter a reason for the same
  - The data controller may charge the subject a fee for gaining access to a particular piece of information
How can Kogni address the GDPR challenge?
Knowing where sensitive data is located and properly governing it with policy rules and impact analysis is critical for compliance, audits and risk management. Kogni, the world’s leading data privacy and security product, helps solve all of these challenges. The data-centric software’s data discovery tools enable companies to discover sensitive data in enterprise data sources, secure data as it is ingested and continuously monitor data sources for possible breaches and policy violations. Kogni, with automatic sensitive data discovery, is uniquely positioned to help enterprises adhere to GDPR within an accelerated time frame.
Kogni’s single-pane view helps organizations identify their GDPR data over multiple data sources and repositories
Kogni’s Sensitive Data explorer feature
Kogni's Sensitive Data explorer helps organizations identify further context around the data in terms of location, whether it is in the cloud, on-premise or controlled by a third party. This feature comes in handy when a data subject exercises their right to access their personal information or requests its deletion.
Companies are also able to utilize the built-in data security capabilities in Kogni to further protect that data manually or automatically through encryption, hashing, anonymization, and tokenization.
When it comes to protecting data, organizations need to view it as an established component of their security and privacy program. Using less comprehensive tools is no longer a feasible alternative and it is time to take into account all aspects of an organization’s data handling processes. Organizations struggling to address the myriad security and privacy regulations around data should look no further than Kogni. When it comes to selecting a solution that helps you navigate the complex data security and privacy regulation landscape, Kogni is your best choice.