DPO

Data Protection Officer

As a data protection officer, you are a leader in the field of corporate security as required by the General Data Protection Regulation (GDPR) and other similar regulations. You are responsible for monitoring your company's data protection strategy and its implementation to ensure compliance with the GDPR and other regulatory requirements.

How Does GDPR Affect Email and File for DPOs?

While GDPR does not include any specific language relating to email, email is one of the most common forms of handling personal data, meaning it is subject to GDPR requirements and compliance. On average, employees send and receive approx. 121 business emails per day. That’s a lot of data, including personal data, so it’s essential that DPOs implement company-wide email and file policies to ensure compliance. Data archiving needs to be a main factor in a DPO’s toolkit.

Make Data Archiving Part of your DPO Toolkit.

Organisations need to implement tools and processes now to comply with GDPR and other regulatory policies. By leveraging powerful email archiving technology, your business can greatly reduce its compliance risk – and subsequent weighty fines.

Ensure Compliance

Our policy-based approach allows you to set up retention policies that are right for your organisation. By doing this you can ensure that you are automatically retaining each item of data securely for as long as it is needed. As DPO you can confidently show that you are meeting government and regulatory requirements.

Implement Email Retention

One thing that frequently comes up with GDPR is the concept of processing personal data. In this context, processing refers to a “wide range of operations performed on personal data,” including collection, alteration and, of course, storage. Article 5(1)(e) of GDPR states specifically that personal data must be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” MailMeter Archive’s Retention Manager is a comprehensive, easy-to-use, powerful solution for protecting and enforcing your business record retention policies. As far as email is concerned, data retention can be easier said than done. Do your employees know what constitutes personal data? Do they forget to delete emails containing personal data? If you had a data breach, would you be left vulnerable to GDPR non-compliance or worse?

Data Destruction

The MailMeter Retention Manager’s sophisticated process will analyse all recipients of an email and enforce the destruction policies for each group separately. For example, if an email is sent from Richard in Accounting (retention period of 5 years) to Susan in Sales (retention period of 3 years) the MailMeter Retention Manager will delete the message for Susan after 3 years while leaving the same message intact only for Richard in Accounting.

Litigation Hold

The MailMeter Retention Manager provides protection for any email destruction with a Litigation Hold capability that can lock down a user, group, or selected emails to meet your legal department’s requirements. With Litigation Hold, an authorized user can prevent any messages from being destroyed even if the retention period has expired for all recipients of a message. Additionally, certain emails might need to be saved to create an audit trail or so that they can be reproduced in the event of an eDiscovery request or pending litigation.

Security and Data Protection

Search across your entire history of emails in minutes for export or review, safe in the knowledge that all the information is stored securely with a full audit trail to ensure it has not been tampered with or altered. All email records are stored in an unaltered state – they remain in their original format, unchanged in any way. For files, we have Bit Level Encryption – SISCIN compresses and encrypts data on your servers before transfer. Selected files can be split and stored in different Cloud or local tiered storage locations and with different Cloud Providers for additional security.

Streamline SAR Requests

Personal data about individuals is shared extensively within emails, and these emails must be produced by an organisation if a subject access request (SAR) is made by individuals exercising their right to see their personal data. Organisations are receiving an unprecedented number of SAR, eDiscovery and Compliance requests relating to employee email. The legal costs are directly related to the time it takes to search and retrieve information within email. With MailMeter, this time is cut from months to minutes, vastly reducing legal costs. With MailMeter Investigate, as DPO you can quickly find everything you are looking for even if all retention periods have expired and users can’t see the messages. When Litigation Holds expire, MailMeter Retention Manager will automatically delete messages according to their retention periods.

Role-Based Access, Anytime, Anywhere

A tiered level of controls provides access to email records by authorised users. Every interaction with the Archive provides a full audit trail of all verified users and departments and their actions, demonstrating strict regulatory standards of processing and procedures of best practice.

Managed Service

Often Data Management and compliance responsibility is given to the DPO. We’re here to lessen that burden. We provide both the toolset to completely manage email and file Data and the support of our team of Data Management experts who will hold your hand through the process. Our experts will assist you in finding your Data, assessing its worth, planning and putting it into practice. We enable you to set automated policies for historical and future Data Management and set up and run clear and accurate reports to keep your organisation always informed.

Data Archiving for DPOs

Our Data Archiving Solutions Address the Following GDPR Articles for DPOs

This regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. 

Any information relating to an identified or identifiable natural person … who can be identified, directly or indirectly … by reference to an identifier. 

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

Right to DSAR, Erasure and Portability *Probably the biggest issue for any organisation, both the Data Protection Commissioner believe this has the potential to become the biggest drain on resources for organisations through sheer volume alone* 

Data subjects have the right to data portability, meaning they can request the personal data they have supplied to a controller in “a structured, commonly used and machine-readable format” to give it to another data controller. If technically feasible, the data subject can require the current controller to transmit it directly to the new data controller. 

Data protection by design and default. The GDPR requires that employers (and other data processors) should be “audit-ready” at all times, meaning that all of an employer’s systems will need to be set up to ensure compliance by design.

‘The controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this regulation.’ 

“Controllers shall maintain a record of processing activities under its responsibility” 

The pseudonymisation and encryption of personal data. 

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. 

(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. 

Data breach – 72-hour window to notify the relevant supervisory authority of the breach (Article 33). Article 33(3) specifies four requirements in such a notification: the nature of personal data breach (including categories of data and an approximate number of data subjects impacted), the name and contact details of the firm’s data protection officer, an analysis of the likely consequences of the breach, and measures taken or proposed to be taken to mitigate negative effects.  

Data Archiving for DPOs

Summary of Main Features

Organisations need to implement tools and processes now to comply with GDPR and other regulatory policies. By leveraging powerful email archiving technology, your business can greatly reduce its compliance risk – and subsequent hefty fines – while improving the efficiency of compliance processes. Contact Waterford Technologies for a free GDPR email archiving consult today.
Search Personal and Sensitive Data 
Create Data Management Policies 
DSAR Capabilities
Review and Analyse Data
Email and File Compliance in the Cloud 
Encrypt Email and File Data via Archiving
Data Archiving for DPOs

Summary of Benefits for DPOs

Business Intelligence 
Reduce Data Footprint 
Pinpoint Personal and Sensitive Data
Increase ROI of Data
Be Audit Ready for GDPR 
Consolidate O365 User Licenses