
Keeping The GDPR Wolf At Bay With A System Healthcheck

Ben Morris Jan 22, 2019 10:46:00 AM

Within a year of Europe imposing new privacy rules, France comes down hard on Google with sanctions, fines and tough enforcement.

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today’s data-driven world. GDPR compliance is a complex and time-consuming task – you need to assess where you’re affected and what you need to do in order to be compliant. Arguably, the biggest change to the regulatory landscape of data privacy has come through the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of subjects residing in the European Union (currently including Britain), regardless of the company’s location. It is also highly likely that GDPR will stay in place even after Britain leaves the EU.

The good news is that Oracle applications are designed from the ground up to support the handling, security and integrity of data. In fact, we’d say you’re already 90 per cent of the way there as far as GDPR goes if you’re running Oracle.


1. System Health Check

In order for you to make informed decisions about what GDPR means for your organisation from a legal standpoint, you need to understand the data you already hold and the way your systems interact with that data.

Claremont’s System Health Check helps you determine whether your system applications are working appropriately to manage GDPR compliance.

We analyse the security of the information you store and check the data flow between systems, ensuring the organisation-wide integrity of personal records. The System Health Check is tailored to your specific requirements to include, for example, checking for data ambiguity, integration issues and levels of data security.

 

2. GDPR Data Discovery Reports

Claremont’s data discovery uses custom logic to interrogate your back-office applications database, surfacing all personal data we believe is related to GDPR. You can then restrict or search data with the use of parameters to provide two types of reports:

  • An administrative report showing a list of personal data records.
  • A personalised per-person report containing all information held for an individual data subject.

These two reports unlock personal data from your system, giving you the visibility you need in order to decide what needs to be done to make your organisation GDPR compliant.

Our GDPR Data Discovery Reports also help to automate the process of ongoing compliance. Reports can be scheduled to run automatically against different parameters, to suit your particular needs. For example, you may want to surface any information that hasn’t changed for a specified number of years.

The second type of report, containing all personal data held for an individual data subject, is ideal for servicing requests by individuals for the data your organisation holds on them.

 

3. Advanced Data Deletion and Masking

Compliance with GDPR requires you to be able to remove data from your systems, not least because of the ‘Right to be forgotten’ part of the regulation.

However, deleting data from complex systems is not a straightforward task. In some systems, it may be impossible to delete information without compromising data elsewhere.

Claremont has experience in helping organisations remove or, where that is impossible, mask data in order to make it meaningless. Our methodology enables us to create a custom solution for you to safely delete or mask data as part of your initial or ongoing GDPR compliance work.

GDPR compliance is a far more complex process than first envisioned, and keeping the compliance wolves at bay is key to staying within the law. If you have any concerns, contact Claremont directly – we’ll ensure that you’re GDPR compliant now and in the future.