Accountability is a legal requirement.
Eleven months after GDPR came into force across the EU, the risk of non-compliance is as high as ever.
Failing to comply with the GDPR can incur fines of up to €20 million or 4% of your company's annual global turnover, whichever is higher. Now more than ever, the onus is on companies to take care of the data they handle and to ensure it is protected in line with the requirements the GDPR sets out.
All EU-based companies, and any company outside the EU that collects or processes the personal data of individuals in the EU, are within the scope of GDPR.
According to the UK Information Commissioner, Elizabeth Denham, GDPR places an onus on companies to understand the risks that their data processing creates for individuals.
“We find ourselves at a critical stage. For me, the crucial change the law brought was around accountability. Accountability encapsulates everything the GDPR is about … accountability is a legal requirement, it's not optional.”
Elizabeth Denham, UK Information Commissioner (ComputerWeekly.com)
The nightmare that is unstructured data!
Unmanaged, unstructured data is a GDPR nightmare for DPOs. Why? Simply because it is raw, unorganised data that does not fit a predefined relational data structure, so it is not easily organised or processed. The main culprits are email and file data: PDF files, spreadsheets and other general office documents. Because it is unorganised, and because its volume grows daily, it represents a major challenge for companies and DPOs trying to comply with GDPR requirements.
Here is an example of how unstructured data is produced even when mainstream processes, data streams and support systems are in place to capture all PII.
Example: a legal professional is unable to log in to a client's file on the support system, so they email a colleague asking for information on the client's case. The colleague replies by email. Now two messages containing PII are sitting in the company's email platform, in both users' mailboxes and in any backups or archives of that mail, entirely outside the system that was designed to hold it.
It would be extremely difficult, if not impossible, to write a process that accounts for every piece of PII hidden in unstructured data.
Unstructured data is often estimated to make up around 80% of all corporate data. Imagine trying to filter through all of it to locate every piece of personally identifiable information (PII) relating to EU individuals, whether clients, partners, employees, ex-employees or even suppliers. Locating the PII is only the first step: you then need to establish why it is stored, where it is stored, who has access to it and with whom it has been shared. You cannot manage what you cannot see.
How to achieve GDPR compliance for unstructured data?
The biggest day-to-day challenge with unstructured data is being able to find it, search it and take prompt action. Here are a few steps to help achieve GDPR compliance for unstructured data.
- Define what constitutes PII in your organisation, e.g. address information, gender, phone number, email address, etc.
- Identify all areas where unstructured data lives (mail servers, file shares, cloud storage, backups).
- Regularly index, tag and mark any possible sensitive information or PII, and keep that index current, since the data keeps growing.
- Encourage your employees to stay compliant by making them responsible for reviewing their own data and flagging emails and files for retention, encryption or deletion.
- Use a mix of process and technology.
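As an added illustration of the first three steps above (this is example code written for this article, not MailMeter, SISCIN or any other Waterford Technologies product): a small Python scanner that runs a configurable set of PII patterns over a constructed set of documents, records only a masked value and the location of each hit, and builds an inverted index by category so that a search request can be answered from the index rather than by rescanning everything. The file names, their contents and the four patterns are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Illustrative PII detectors. Which categories count as personal data is the
# organisation's own decision (step 1 above); these four are only examples,
# and regex only finds what it is shaped for: free-text names and postal
# addresses need other techniques and human review.
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # Irish mobile numbers, e.g. 087 123 4567 or +353 87 123 4567 (assumed format)
    "phone": re.compile(r"(?:\+353\s?|\b0)8[3-9]\s?\d{3}\s?\d{4}\b"),
    # IBAN: country code, two check digits, then groups of four alphanumerics
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,3})?\b"),
    # Date of birth written as "DOB: dd/mm/yyyy"
    "dob": re.compile(r"\bDOB:\s*\d{2}/\d{2}/\d{4}\b"),
}

# Constructed sample corpus standing in for a mail store and two file shares.
SAMPLE_DOCS = {
    "mail/2019-03-12-re-client-case.eml": (
        "From: a.byrne@example.com\n"
        "To: c.walsh@example.com\n"
        "Subject: Re: client case\n"
        "\n"
        "Can't log in to the case system. Client is J. Murphy, DOB: 14/02/1981,\n"
        "mobile 087 123 4567. Can you send me the file?\n"
    ),
    "shares/hr/leavers-2018.csv": (
        "name,email,iban\n"
        "Jane Murphy,j.murphy@example.com,IE29 AIBK 9311 5212 3456 78\n"
    ),
    "shares/finance/q1-summary.txt": (
        "Q1 revenue was up 4% on the prior quarter. No personal data here.\n"
    ),
}


def mask(value, keep=2):
    """Keep the first and last `keep` characters so a reviewer can recognise a
    hit without the index itself becoming another copy of the personal data."""
    if len(value) <= 2 * keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - 2 * keep) + value[-keep:]


def scan_documents(docs):
    """Return {path: [(category, masked_value), ...]} for every document with a hit.

    `docs` maps a location (path or mailbox item id) to its extracted text;
    in practice the text would come from a PDF/Office/email extractor.
    """
    findings = {}
    for path, text in docs.items():
        hits = []
        for category, pattern in PII_PATTERNS.items():
            for match in pattern.finditer(text):
                hits.append((category, mask(match.group(0))))
        if hits:
            findings[path] = hits
    return findings


def build_index(findings):
    """Invert findings into {category: sorted list of locations}.

    A DSAR or retention review then asks "where do we hold IBANs?" against
    this index instead of rescanning the whole estate.
    """
    index = defaultdict(set)
    for path, hits in findings.items():
        for category, _ in hits:
            index[category].add(path)
    return {category: sorted(paths) for category, paths in index.items()}


if __name__ == "__main__":
    found = scan_documents(SAMPLE_DOCS)
    for path, hits in found.items():
        print(path)
        for category, masked in hits:
            print(f"  {category:6} {masked}")
    print("index:", build_index(found))
```

Re-run the scanner on a schedule and diff successive indexes: new locations appearing for a category are exactly the "unstructured data grows daily" problem the article describes, surfaced as a work queue for review rather than discovered during a DSAR.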
In many cases a process alone is not adequate, particularly with so much at stake. Relying on staff to review every email and file for PII and sensitive data may not be enough to comply with GDPR or other data protection legislation.
Our solutions at Waterford Technologies help you comply with some of the main articles of GDPR. Thanks to MailMeter and SISCIN, our products allow a company to quickly scan large volumes of email or file data. Our intelligent software gives instant insight into your unstructured data. Some of the features include:
- Searching for personal and sensitive data
- Reviewing and analysis of data
- DSAR capabilities
- Creation of data management policies
- Email and file compliance in the cloud
- Encryption of email and file data via archiving
How does this help your company remain GDPR compliant?
MailMeter and SISCIN, our email and file management and compliance software, allow your company to set policies for both historical and future data, and to set up and run clear, accurate reports that keep your organisation informed at all times. The advanced search capabilities of the software assist with eDiscovery, DSAR and compliance search requests.
How this helps the DPO.
The duties of the DPO include, among others, monitoring compliance with the GDPR and advising on data protection impact assessments.
Computer Weekly quotes Denham as saying that “data protection practitioners play a ‘crucial role’ in ensuring that organisations’ data protection practices are keeping up with changes in technology and truly putting people at the heart of what they do.”
MailMeter and SISCIN offer a great tool to help execute the function of the DPO thanks to the reporting and search capabilities mentioned above.
If your company collects and stores personal data belonging to individuals in the EU, then GDPR should be high on your agenda. If you are unsure whether your company's unstructured data complies with GDPR, it is time to get in contact with Waterford Technologies…