The General Data Protection Regulation (GDPR) has imposed strict data protection rules on organizations using the personal data of European Union residents, as well as significant fines for violations. Achieving GDPR compliance is an ongoing challenge for any organization that has European customers, business partners or employees.
Strengthen your brand reputation by demonstrating sound information governance and a responsible approach to security and privacy that respects the rights of individuals.
Show how easy you are to do business with by responding quickly to information requests from your customers and providing them with easy access to their personal data.
Build trust and loyalty by giving your customers real value in exchange for their data, in the form of relevant, timely and personalized offers.
Personal data takes many different forms and only a fraction of it is located in databases. The majority is unstructured data such as emails, reports, voice recordings, chat logs, paper correspondence and transactional documents such as bills and statements.
We can help you to improve the way you manage all of this unstructured content throughout your business to achieve greater transparency and control. Any data, regardless of its format or source, can be processed and stored in a GDPR-compliant manner.
Our GDPR compliance solutions, built on the Columbus enterprise information management platform, are designed for effective information governance and offer a range of capabilities to help you meet your regulatory requirements:
Personal data can only be correctly managed if it is first correctly identified. Automated classification allows you to categorize new and existing information so that it can be managed and accessed appropriately. Multiple classification criteria can be applied, such as data owner, sensitivity level and required retention period. Integration with analytics engines allows personal information to be identified quickly from new data sources.
The GDPR gives individuals the right to request access to their personal data and the right to have that information transferred to another service provider in open, shareable formats. Organizations must provide the requested data within one month. The Columbus suite lets you capture and store data in diverse formats and transform it automatically into a range of common formats such as CSV or XML, to satisfy customer access and transfer requests promptly.
The GDPR data minimization principle requires you to limit the personal information you hold to the absolute minimum, and to retain it no longer than strictly necessary. Rules-based information lifecycle management allows you to set data retention policies to manage information from cradle to grave and erase data automatically when there is no longer a legitimate purpose for retaining it. Equally, you can delete personal data immediately on request whenever customers exercise their right to erasure, and provide a tamper-evident audit trail to prove that requests have been fulfilled, with blockchain integration to provide a trusted record of events.
The GDPR requires organizations to put in place technology and processes founded on data protection principles. Comprehensive data security and privacy measures are built into the Columbus suite to ensure that personal data stays protected at all times. Features include advanced identity and access management; certified authentication measures such as digital signatures; data segregation; data redaction; data disguising to support anonymization and pseudonymization; and secure, tamper-evident and encrypted data storage.
Proactive, real-time monitoring allows you to keep track of all activities related to personal data – such as access, erasure and distribution to third parties – and generate detailed information which can be shared with regulators and auditors to provide proof of compliance. You can also use automated alerts to flag up potential compliance issues and pass information to security information and event management (SIEM) systems to prompt investigation of unusual or suspicious events.
An important part of information governance is to ensure that all systems containing personal data are fit for purpose.
Legacy systems or older content storage systems may not provide the security, flexibility or accountability required to support GDPR compliance.
Legacy application decommissioning allows you to extract the data you need from these problem systems and maintain access to it in a compliant environment.
The original legacy application can then be retired. This approach rationalizes your data landscape in order to simplify data protection, as well as saving significant costs.
The GDPR gives customers greater control over their personal data and makes it easier than ever before to withdraw consent for marketing and other communications activities.
In order to maintain customer confidence and earn the right to use personal data, organizations must demonstrate value in every customer interaction. Our customer communications management solutions support this process by enabling you to create highly targeted, personalized communications based on individual data and preferences, and to engage with customers consistently across multiple channels.
A centralized document processing facility allows you to monitor and control all digital and printed communications and add new process steps – such as encryption – to support GDPR compliance.
New regional data protection laws are coming into force across the world and are placing an additional regulatory burden on businesses.
Global organizations need to satisfy multiple compliance regimes to ensure that personal and sensitive information is handled appropriately in different geographies.
Our data protection solutions provide the flexibility to manage enterprise information in accordance with all regulatory requirements, and help you to adapt quickly as new legislation is introduced.