Data Protection Officer

This page is dedicated to answering the most common questions Data Protection Officers ask us.

Should records request and data archiving software be part of the DPO Toolkit?

Companies should create adopt processes and systems that will help them remain compliant with all regulations. Using powerful workflow, email archiving, and data archiving technologies, will significantly reduce your compliance risk and increase performance.

Our organization created our own system, why do we need to change?

Our policy-based approach allows you to set up retention policies to suit for your organization. Doing this Data Protection Officers ensures they are automatically retaining each item of data securely.

The system automatically removes data that is no longer needed. It also reduces the amount of data store. As DPO quickly find the information required and be even more confident that you are meeting government and regulatory requirements.

GDPR demands that organizations protect personal data in all its forms. It also changes the rules of consent and enhances people’s right to privacy. It’s important for Data Protection Officers to utilize company-wide email and file policies to ensure compliance. A data archiving solution, such as MailMeter, should be a key component in a DPO’s toolkit.

Why does a data protection officer need a separate software solution for email retention policy?

Do your employees know what constitutes personal data? How often do they forget to delete emails containing personal data? Do they use work their work email address for personal use? A data breach, could leave a data protection officer vulnerable to GDPR non-compliance or worse.

One thing that frequently comes up with GDPR is the concept of processing personal data. Here, processing refers to a “wide range of operations performed on personal data,” including collection, alteration and, of course, storage.

Article 5(1)(e) of GDPR states that personal data must be ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”

MailMeter Archive’s Retention Manager is a comprehensive, easy to use, powerful solution for protecting and enforcing your business record retention policies

How is data destruction managed?

TechTarget defines data destruction as:

‘the process of destroying data stored on tapes, hard disks and other forms of electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes. When data is deleted, it is no longer readily accessible by the operating system or application that created it.
But deleting a file is not enough; data destruction software must be used to overwrite the available space/blocks with random data until it is considered irretrievable’.
TechTarget

MailMeter’s Retention Manager sophisticated process analyzes all recipients of an email. It enforces the destruction policies for each group separately. Here is how it works – an email is sent from Richard in Accounting (retention period 5 years) to Susan in Sales (retention period 3 years). MailMeter Retention Manager deletes Susan’s copy after 3 years while leaving the same message intact only for Richard in Accounting.

What about data that I need to keep for litigation purposes?

We’ve got that covered. MailMeter Retention Manager provides protection for any email destruction with a Litigation Hold capability that can lock down a user, group, or selected emails to meet your legal department’s requirements. Data Protection Officers or an authorized user can prevent messages from being destroyed even if the retention period has expired for all recipients. Additionally, certain emails might need to be saved to create an audit trail or so that they can be reproduced in the event of an eDiscovery request or pending litigation.

Is email and file data protected and secure?

Yes. In fact, it is safer and more secure. Furthermore, you can search across your entire history of emails in minutes for export or review. All information is stored securely with a full audit trail to ensure it has not been tampered with or altered.

Email records are stored in an unaltered state they remain in their original format, unchanged in any way. In addition, for file we have Bit Level Encryption – SISCIN compresses and encrypts data on your servers before transfer. Files can be split, then stored in different cloud, or local tiered storage locations. There is an option for different cloud providers for additional security.

I manage record requests such as FOI, DSAR’s, EIR etc. how does this software help?

DiscoveryControl is purpose built to enhance the Data Protection Officers management of the workflow for record requests. MailMeter encrypts emails and reduced the time it takes to search and retrieve information within email from om months to minutes, vastly reducing legal costs. With MailMeter Investigate, as DPO you can quickly find everything you are looking for even if all retention periods have expired and users can’t see the messages. When Litigation Holds expire, MailMeter Retention Manager will automatically delete messages according to their retention periods. SISCIN compresses and encrypts data on your servers before transfer.

Can the data protection officer restrict access to the software?

Yes, a tiered level of controls provide access to authorised only. Every interaction with the archive provides a full audit trail of all verified users and departments and their actions. Demonstrating strict regulatory standards of processing and procedures of best practice.

Are DPO’s supported after the system is purchased?

Yes. All our ComplyKEY SaaS products are a fully managed service gives a data protection officer both the software and the support of our team of Data Management experts who will hold your hand through the process. Our experts will assist you in finding your Data, assessing its worth, planning and putting it into practice. We enable you to set automated policies for historical and future data management. You can also set up and run clear and accurate reports to keep your organisation always informed.

See it in Action

See it in Action

This regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.

Any information relating to an identified or identifiable natural person … who can be identified, directly or indirectly … by reference to an identifier.

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

Right to DSAR, Erasure and Portability *Probably the biggest issue for any organisation, both the Data Protection Commissioner believe this has the potential to become the biggest drain on resources for organisations through sheer volume alone*

Data subjects have the right to data portability, meaning they can request the personal data they have supplied to a controller in “a structured, commonly used and machine-readable format” to give it to another data controller. If technically feasible, the data subject can require the current controller to transmit it directly to the new data controller.

Data protection by design and default. The GDPR requires that employers (and other data processors) should be “audit-ready” at all times, meaning that all employer’s systems will need to be set up to ensure compliance by design.

‘The controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this regulation.’

“Controllers shall maintain a record of processing activities under its responsibility”

The pseudonymisation and encryption of personal data.

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

Data breach – 72-hour window to notify the relevant supervisory authority of the breach (Article 33). Article 33(3) specifies four requirements in such a notification: the nature of personal data breach (including categories of data and an approximate number of data subjects impacted), the name and contact details of the firm’s data protection officer, an analysis of the likely consequences of the breach, and measures taken or proposed to be taken to mitigate negative effects.

Talk to a GDPR Consultant

DATA Archiving for DPO’s

Summary of Main Features

Organisations need to implement tools and processes now to comply with GDPR and other regulatory policies. By leveraging powerful email archiving technology, your business can greatly reduce its compliance risk – and subsequent hefty fines – while improving the efficiency of compliance processes. Contact Waterford Technologies for a free GDPR email archiving consult today.

Search Personal and Sensitive Data

Create Data Management Policies

DSAR Capabilities

Review and Analyse Data

Email and File Compliance in the Cloud

Encrypt Email and File Data via Archiving

Get More Product Info

DATA ARCHIVING FOR DPO’S

Summary of Benefits for DPO’s

Business Intelligence

Reduce Data Footprint

Pinpoint Personal and Sensitive Data

Increase ROI of Data

Be Audit Ready for GDPR

Consolidate O365 User Licenses

Try a Demo Request a Quote

Products

By Business Need

By Industry

By Role

Data Regulation Map

Resources