The GDPR (General Data Protection Regulation) defines 25 May 2018 as the deadline by which companies must conform to this new privacy law. The GDPR will focus its attention not only on sensitive data, but also on all personal information that makes it possible to identify an individual. For example, when users browse online, technical metadata can be used to obtain information such as the location, the type of device and the browser being used. These can be considered to be identification data, because by cross-referencing this information it is possible to come close to identifying the individual user. Companies must therefore adapt their current data management systems, by improving several aspects including security and the management of data breaches.
Taking into consideration the company’s consolidated expertise in the realm of Data, Data Reply believes that in order to address the challenges resulting from the new regulation, companies must be aware of what data they have in their possession, where the data is stored, why the data was collected and how it can be used. To identify the data and gather information about its location, a crawling process can be executed, followed by a data classification aimed at defining whether all the data in question is actually needed. Large companies are in fact organised across different databases such as ERP, HR, CRM and marketing, and understanding where the data is located is essential in order to proceed to the subsequent phases of the process. Handling anomalies and securing the data is only possible following the completion of this step. This process cannot be performed as a one-off operation but needs to be repeated periodically. To identify the nature of the data concerned, Data Reply has developed an engine capable of classifying data by type through the application of patterns. Each individual context is in fact characterised by specific patterns and the service can therefore be customised according to the customer’s requirements.
Once the data has been identified and located, the company must improve its data discovery and data governance solutions so as to be able to use the information as a resource that adds concrete business value. In fact, existing outdated IT architectures based on dozens of components do not facilitate compliance with the GDPR. Within this evolving scenario, Data Reply’s expertise and know-how can help customers comply with the regulation and maintain the standards required during future data processing and data retention activities.
Data Reply’s solution is based on two services: Personal Data Discovery Engine and Data Flow Governance Gap Analysis. The Personal Data Discovery Engine analyses and identifies sources that contain personal information. This task requires significant effort, due to the complexity of the data architectures used by today’s companies. To simplify this task, Data Reply has developed a personal data capture tool designed to connect to different data repositories and identify personal information applying fixed models to the data. The Data Flow Governance Gap Analysis tool, on the other hand, improves the management of sources containing personal data and of processes involving the data in question, increasing the associated security and preparing the data for being processed.
The GDPR legislation requires ongoing compliance from companies. To address this requirement, Data Reply helps customers to develop their IT systems in such a way as to ensure that any new computer system or upgrade is constantly updated in this regard.