First Multi-Million GDPR Fine in Germany

€14.5 million fine for not having a proper data retention management policy in place

GDPR Fine for data retention management

On October 30th, 2019, the Berlin Commissioner for Data Protection and Freedom of Information made history by delivering her first multi-million GDPR fine to the German real estate company, die Deutsche Wohnen SE for not having a proper data retention management in place, direct infringement of the General Data Protection Regulation (GDPR)

This is the highest GDPR fine to be issued in Germany to date.

Why the infringement?

Deutsche Wohnen SE has been accused of utilising an archiving system for the storage of personal data pertaining to their tenants which does not facilitate the erasure of data that is no longer necessary or required. This data was of a personal nature i.e. it included personally identifiable information (PII), such as tax data, social security, and health insurance data, bank statements, employment contracts payslips, etc.

Deutsche Wohnen SE was audited in June 2017 and was made aware that they were in breach of data protection regulations at the time. Following another audit in March 2019, Deutsche Wohnen SE was again unable to prove a legal ground for the continued retention of the same PII data or demonstrate the ability to clean up their databases by deletion of no longer required data.

Deutsche Wohnen SE did, however, try to start a project to clean up the data however, the Berlin DPA found that these measures were not adequate.

“Deutsche Wohnen could have readily complied by implementing an archiving system which separates data with different retention periods thereby allowing differentiated deletion periods as such solutions are commercially available.” Maja Smoltczyk, Berlin Commissioner for Data Protection and Freedom of Information (Berlin DPA)

GDPR articles enforced

Article 25 (1) and Article 5 of GDPR were actioned against Deutsche Wohnen SE. Article 25 (1) GDPR requires data controllers – subject to  additional preconditions – to provide for appropriate technical and organisational measures which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of GDPR and protect the rights of data subjects. Article 5 in brief states that that personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’) and kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).

Calculating the €14.5 million fine

It seems that the Berlin DPA applied the recently published fining guide of the German supervisory authorities. Looking at the calculations it is apparent that 2% of annual revenues were enforced instead of the 4% of annual revenue that is laid down by GDPR as a maximum infringement of Article 5. In order to reduce the fine that Berlin DPA has taken into consideration that the company had taken some measures to try to remedy the infringement as notified back in June 2017.

“I recommend all organizations processing personal data to review their data archiving for compliance with the GDPR.” Maja Smoltczyk, The Head of the Berlin DPA

Data commissioners in Europe are really starting to up their game when it comes to issuing GDPR fines. Controllers and processors of data must now take urgent action to review their processes and examine their handling of personal data, regardless of where they are situated. Waterford Technologies can readily assist you with the creation, adoption, and implementation of such data retention policies.

ComplyKey offers more granular control of your email and file data for retention and destruction management

Waterford Technologies offers a retention management solution for GDPR and other data protection regulations, that is comprehensive, easy to use and powerful at protecting and enforcing your company’s retention policies.

The ability to create multiple retention categories and tags and assign different periods to specific users and departments gives you total control over email and file retention and destruction.

Enforce Retention Policies

One of the greatest assets of an email and file archive is control over the retention of messages in the archive. With the Waterford Technologies retention feature, you can ensure that your retention policy is adhered to by creating retention categories and tags or setting custom retention periods for individual users or emails.

Retention can be controlled by time and /or by person groups. Person groups can be created that contain current and former users and then retention categories can be applied to those groups. For example, your organization wants to set a retention policy of 5 years for all message but users in the Executive or Financial organisations need to be kept for 7 years. MailMeter set it and forget it Retention Policies make sure that messages are kept according to your record retention policies.

Intelligent Destruction

ComplyKey’s retention feature automatically evaluates your retention policy on every scheduled run. If the policy has been changed at any time, the module will automatically enforce the new policy and purge emails tagged for deletion on its next run. This allows you to intelligently control not only retention but also the destruction of email.

Avoid Accidental Deletion

The ability to retain specific emails or messages from specific users and apply a litigation/legal hold to relevant emails allows you to avoid accidental or wilful deletion. For example, applying a litigation hold to an email will ensure that it will be retained past its normal retention period. After the mail is no longer required, removing the litigation hold will mean the mail is automatically purged on the next scheduled run.

Meet Regulatory Requirements

Implementing an adequate retention policy is key to ensuring regulatory compliance. Your business may be subject to many regulations including Sarbanes-Oxley, FINRA, HIPAA, and GDPR. The ability to create sophisticated and granular retention policies with ComplyKey will help your business to achieve regulatory compliance.

ComplyKey Retention Benefits

  • Enforce email retention policies
  • Protect against accidental deletion
  • Prevent wilful destruction of email
  • Meet regulatory requirements

Take urgent action to review your companies processes and examine your handling of personal data, regardless of where you are situated. Waterford Technologies can readily assist you with the creation, adoption, and implementation of such data retention policies.

Contact our Sales team now or request a free demo to see how Waterford Technologies might be able to help your organisation with their data retention management for GDPR and numerous other global data protection legislation.

 

Laura Stotesbury

Head of Marketing

Waterford Technologies

 

Waterford Technologies Launches MailMeter- Version 7.1

Waterford Technologies launched MailMeter Cloud 7.1

Organizations are finding today that meeting regulatory requirements and complying with new and current legislation is a challenge.  Unstructured data like email presents a whole range of hurdles when trying to prevent violations or when responding to discovery requests. 

Unstructured data makes up 80% of storage on your servers.
It is generated by conducting your day to day business and consists of email and files such as documents, images, and videos.
Without the correct management tools, this particular data is difficult and time-consuming to see and uncover,- a key requirement of GDPR, FOIA, and general data regulations.

Waterford Technologies has significantly invested in the development of our product set to provide Compliance functionality for unstructured data in both email and file. We have introduced a powerful smart GDPR, FOIA, and eDiscovery solution reimagined to make it easier for you to effortlessly manage your email data- no matter the size of your company.

Available this July, Waterford Technologies are delighted to announce the launch of MailMeter  7.1, enabling organizations to meet demanding compliance requirements and address eDiscovery requests easily, quickly and effectively.

What has changed?

MailMeter 7.1 is a pro-active Microsoft Azure SAAS cloud and on premise-based compliance and data management platform where you can find every single email in your organization, conduct e-discovery, Freedom of Information and DSAR’s searches directly from your desktop. The platform gives you the ability to narrow the scope of your search across email using clearly defined criteria giving our clients the visibility they need for effective monitoring, eDiscovery, compliance, auditing & reporting across a variety of data regulations. 

  • New Operations Portal, a completely redesigned user interface – individual search, e-Discovery search, compliance policies and message retention under a single interface
  • Real-time message filtering, tagging, and labeling- MailMeter cloud message filtering enables an organization to define proactive pre-archiving rules that can discard, tag or label messages based on message participants, message type or keyword content in the message to control archive content, identify compliance violations and assist message analysis.
  • Scoped searching- MailMeter Cloud enables authorized users to set up restricted access for eDiscovery or compliance searching. Using scoped searches, archive access can be limited to any search criteria, which specific types of tags can be used, and which type of actions can be performed.
  • Compliance policies- this new feature enables organizations to establish policies that automatically monitor and identify non-compliance email communication. Reviews can quickly be performed to take actions based on internal policies to reduce risk and ensure regulatory compliance.
  • Delegated access- The new delegated Access feature enables one user to access and search another users email stored in the archive. This feature can be used to allow a manager to access their current and former team members email. You will no longer have to retain former users mailboxes to enable other users to access that users’ messages. All activity performed by the delegated user is recorded in the audit trail.

Benefits you will love-

  • Legal search cost savings and speed of recovery 
  • Respond to DSAR’s promptly
  • Help avoid data regulation penalties and reputation damage
  • Storage and back up cost savings
  • Direct line access to storage
  • Encryption of stored data
  • Full audit trail for email

ComplyKey

MailMeter 7.1 is a key feature in our ComplyKey Suite- ComplyKey Suite is built around two ideas, First, full visibility into your email and file volume and activity enables you to more effectively and efficiently manage your data 24/7. Second, companies need a tool that is data regulation audit-ready, flexible enough to support your GDPR, FOIA and data compliances policies and agile enough to deal with subject access requests (DSAR), freedom of information and e-discovery searches across your email and file data.
For more information on finding the right data compliance and management solution to fit your organizational needs, simply contact us for a callback.

 

 

Waterford Technologies Launches SISCIN Vue-X

File management and compliance platform

Bringing data compliance & archiving to your companies file servers in the cloud.

Data compliance and management has become a key requirement for businesses in today’s economy. In the digital age, companies are responsible for increasing amounts of data, both of their customers as well as their own employees. Meeting regulatory requirements and new legislation is a challenge. Unstructured data like file presents a range of hurdles when trying to prevent violations or when responding to discovery requests. 

With all the compliance regulations, such as Freedom of information act (FOIA), California Consumer Privacy Act (CCPA) and General Data Protection (GDPR) as well as the mass increase in e-Discovery requests, Waterford Technologies as a direct result has introduced a powerful smart File compliance solution, reimagined to make it easier for you to effortlessly manage your unstructured data- no matter the size of your company.

Data compliance starts with visibility -Waterford Technologies has launched SISCIN Vue-X to give our clients the visibility they need for effective monitoring, eDiscovery, auditing and reporting across a variety of data regulation standards.

SISCIN Vue-X is a Cloud-Based File Compliance & Archiving Solution.

SISCIN Vue-X is a cloud SAAS file analysis and archiving solution hosted in Azure, it provides content indexing to assist with e-Discovery, FOIA and GDPR requests. Searchable content for file data at its core, it allows an unprecedented analysis of data to meet compliance standards. Clear reporting dashboards give a complete overview of files, enabling immediate action to happen. 

  • Archiving solutions are needed when critical information needs to be protected and still be accessible regardless of its age. SISCIN provides a broad set of analytic tools which enable an organization to delve deeply into the types of data being stored on servers, determine when it was last accessed and its age.  Using this detailed information decisions can be made whether to remove obsolete file data and /or move critical file data to a safe location in the cloud.
  • Using SISCIN Vue-X an organization is now able to search file content across all servers from a single application to location-specific content for business analysis and quickly respond to e-Discovery, FOIA, and GDPR DSAR requests.

Key Benefits of SISCIN Vue-X

  • Compliance – search file content across all servers from a single application.
  • Intelligent Management- empowering data managers to understand, identify and clean their data. Remove obsolete data and clean their data in preparation for data regulation or for good practice. SISCIN with Vue-X uses windows native iFilter capability to scan documents and files for any text that they contain. This text is then used by the Vue-X engine to create a comprehensive searchable index of your document \ file store. 
  • Reduction of back up costs – tools to control and manage unstructured file data from one central dashboard.
  • Security – SISCIN compresses and encrypts data on your servers before transfer. Selected files can be split and stored in different Cloud or local tiered storage locations and with different cloud providers for additional security. 
  • Reporting – Clear and concise reporting dashboards give a complete overview of files, enabling immediate action to be taken.

Compliance is a challenging part of doing business today and proving unstructured data compliance isn’t an easy task, our solutions allow the business to stay ahead of data regulatory shifts with compliance solutions that are easy to manage and implement. If you would like a quick demo of our SISCIN Vue-X file compliance and management platform, contact us today.