Are you truly 100% GDPR compliant?
By now, we all know that every organisation operating within the EU has to comply with the General Data Protection Regulation (GDPR) as of 25 May 2018. You also know what it entails and how important it is to your organisation. You are aware of the legal and financial consequences of non-compliance. Moreover, you have streamlined your processes to make sure your data is processed in accordance with the GDPR. But is all personal data in your organisation really accounted for?
How do you make sure that both your current and your historical data are compliant with the GDPR? Are there really no exports, backups or other copies containing personal data outside of your primary processes? Do you really know where personal data is stored in your organisation, and from where it is accessed? Are the personal details held in your systems actually necessary for the processes in which they are used? Are those details only available to the people who genuinely need them? Metaverses provides answers to all these questions with our GDPR scan.
Scope of GDPR frequently underestimated
The European Commission applies a particularly broad definition of personal data. According to the Commission, personal data is “(..) any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”[1]. This definition makes clear that personal data is acquired, evaluated and processed in practically every transaction within your organisation. However, in many of your processes the use of personal data is not actually required and can be greatly reduced, if not omitted altogether. Do you, for example, need to access the personal details of a data subject when replying to a general inbound question or request?
The second problem is the presence of personal data outside of your organisation’s primary processes. To fully comply with the GDPR you have to make sure that all personal data is accounted for in your data protection framework. Many organisations focus solely on their primary processes, but that is not sufficient given the rigorous implications of the GDPR: it applies equally to all historical, exported and backed-up data within an organisation. Such data is frequently hard to trace, poorly documented and widely shared both inside and outside the organisation. How do you make sure that this data is also processed in accordance with the GDPR when it sits out of sight of your regular processes? Moreover, can you honour the rights of data subjects, such as data portability and the right to erasure, for data held in these locations?
Metaverses’ GDPR Data Scan identifies your personal data issues
Metaverses offers an integrated approach to achieving comprehensive GDPR compliance. By applying our proven data methods and expert knowledge we are able to deliver results for your organisation rapidly. Our rigorous GDPR scan identifies the relevant personal data in your organisation. We determine how it is currently used and help you establish suitable alternatives such as pseudonymisation or data minimisation. For situations where personal data is genuinely required, we help you formulate appropriate data protection controls and data protection impact assessments.
The results of our GDPR scan, together with detailed opportunities for improvement, are presented to you in a clear and comprehensive report. Moreover, we can support your implementation of the measures needed for optimal GDPR compliance.
Do you want to be ready for the GDPR, but need support getting there? Contact Metaverses now!
[1] European Commission, press release of 25 January 2012, http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en