GDPR is complex and wide ranging to be sure. ClassiDocs provides an eDiscovery and Data Classification platform in one solution, one panel, one set of APIs..
People – You need to find information about customers, employees, stakeholders and other potential requesters. More importantly, you need to find explicit and specific identifiers about your persona in scope like account numbers, relationship, gender and other Identifiable Information sets.
Other Identifiers – In addition to explicit information identifiers, you still need to classify your information sets according to country & jurisdiction-specific definitions. Relational/ referential data sets – data that may be attached to other information to form identifiable data points – also need to be documented, managed and classified.
Sources of Identifiers – Traditionally customer, employee or partner information was always simply treated as islands of data on their own. Custom applications, CRM, billing and process management systems all will contain some portions of PII information sets. These authoritative information sets are all excellent sources for PII identification.
Unstructured Data – As data communications and integrations increase – data tends to exist in many different formats and locations (office documents, PDFs, etc.). In plenty of instances PII information may be included in these files (PDF from a fax machine, Excel documents with customer records, letters to individuals, etc…). This data tends to be scattered and not well controlled.
Applications & Databases – Repositories with specific functions (custom and commercial applications) are also within scope of the GDPR regulation – so must be included in any of your discovery activities. PII information may reside in any of these repositories, and may also be sources of ‘anchor’ identifier information.
Remediate – To have a ‘magic’ process that removes/ updates all PII-related data for a GDPR query in one click is quite some time away, maybe never. In the meantime, you have to comply and deliver results. ClassiDocs will report via API and/or console detected results for your PII query – leaving your team to action the request – manually, automated – or some combination of both!
Audit, Confirm, Validate – After sourcing, finding, reporting and remediating PII-related data – you will need to audit and continuously monitor for these data sets. ClassiDocs will report ‘initial’ state, ‘remediation phase’ and ‘complete state’ results as is discovers and re-scans and re-classifies data sets ongoing. You will be able to report and document your current and ongoing compliance state to the query.