Data Analysis for GDPR Compliance
GDPR Requirements on Data Analysis
GDPR requires, as described in several articles, that analysis be conducted on personal data.
The product with which we conduct data analysis on structured and unstructured data is ComplyKey™.
ComplyKEY™ is a compliance suite from WaterFord Technologies™. It consists of two (2) software applications, (a) SISCIN™, including the Vue-X module, and (b) MailMeter™, which combined solve structured and unstructured data search and management and help organizations become compliant with GDPR.
- DSAR Capabilities
- Search Personal and Sensitive Data
- Review and Analyze Data
- Create Data Management Policies
- Email and File Compliance in the Cloud
- Encrypt Email and File Data via Archiving
ComplyKey™ Covers the Following Key GDPR Articles Regarding Data Analysis Requirements
- This regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
- Any information relating to an identified or identifiable natural person … who can be identified, directly or indirectly … by reference to an identifier.
- Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
Article 12, 15, 16, 17, 19
- Right to DSAR, Erasure and Portability *Probably the biggest issue for any organisation, both the Data Protection Commissioner (DPC) & Information Commissioner’s Office (ICO) believe this has the potential to become the biggest drain on resources for organisations through sheer volume alone*
- ComplyKey™ provides specific KEY word searches within Email and File, subject line or attachment instantaneously across the entire File/Email archive with the ability to Tag for review by your Data Protection Officer (DPO) before export to the requester.
- Data subjects have the right to data portability, meaning they can request the personal data they have supplied to a controller in “a structured, commonly used and machine readable format” in order to give it to another data controller. If technically feasible, the data subject can require the current controller to transmit it directly to the new data controller.
- ComplyKey™ provides the ability to transfer or export any DSAR searches to either the DPO, DSAR subject, Legal & HR departments or directly to a new employer.
- "the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this regulation".
- ComplyKey™ gives the controller the ability to demonstrate compliance with GDPR regulations in regard to their email archive, file data, PSTs and backups.
- Data protection by design and default. The GDPR requires that employers (and other data processors) should be “audit-ready” at all times, meaning that all of an employer’s systems will need to be set up to ensure compliance by design.
- ComplyKey™ is a data protection and compliance advanced interface by design. It provides the ability to monitor email and file archive content against specific KEY word lists and to send automatic notifications for the DPO to review or audit.
- "controllers shall maintain a record of processing activities under its responsibility".
- ComplyKey™ allows your organisation not only to demonstrate full GDPR searching on the email archive but also to provide digital signatures as proof that the emails are unaltered, with ‘stamping’ to prove that any flagged email has been reviewed by your DPO, and a full audit trail of activities by ComplyKey against file data.
Article 32 - (a)
- (a) The pseudonymisation and encryption of personal data; (b) The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- ComplyKey™ captures all emails in and out of your organisation in real time and stores them in a compressed, digitally stamped and encrypted state. Any files identified as sensitive can be archived and encrypted for protection.
Article 33, 34
- Data breach – 72-hour window to notify the relevant supervisory authority of the breach (Article 33). Article 33(3) specifies four requirements in such a notification: the nature of the personal data breach (including categories of data and approximate number of data subjects impacted), the name and contact details of the firm’s data protection officer, an analysis of the likely consequences of the breach, and measures taken or proposed to be taken to mitigate negative effects.
- ComplyKey™ puts powerful reports in the hands of managers and DPOs rather than IT. This avoids wasting valuable technical resources on email and file investigations by giving managers the ability to quickly identify potential breaches before escalation.