AI-based solution designed to automate personal data discovery and classification

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Processing Inventory (ROPA)

Harbor cooperation between DPO, Legal Services, IT and Marketing

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Assessment Automation

Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation

Third Party Management

Guide your partners trough vendor management process workflow

Risk Management

Identifying the risk from the point of view of Data Subject

Incident Management

Quickly respond, mitigate damage and maintain compliance

Consent and Preference Management

Data Removal

Introducing end-to end automation of personal data removal

State-of-Privacy-Assessment (SOPA)

Unstructured Data: What it is and How to Discover it

14/09/2023

Learn the terms

European Commission

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Saudi Arabia’s Personal Data Protection Law PDPL

24/08/2023

Legal & Ethical Review & Mastering Informed Consent for Clinical Trial Studies

22/03/2023

The Value of Data Discovery Solution In Pharmaceutical Industry

22/03/2023

Right of Data Portability

¹To further strengthen the control over his or her own data, where the processing of personal data is carried out by automated means, the data subject should also be allowed to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller. ²Data controllers should be encouraged to develop interoperable formats that enable data portability. ³That right should apply where the data subject provided the personal data on the basis of his or her consent or the processing is necessary for the performance of a contract. ⁴It should not apply where processing is based on a legal ground other than consent or contract. ⁵By its very nature, that right should not be exercised against controllers processing personal data in the exercise of their public duties. ⁶It should therefore not apply where the processing of the personal data is necessary for compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the controller. ⁷The data subject’s right to transmit or receive personal data concerning him or her should not create an obligation for the controllers to adopt or maintain processing systems which are technically compatible. ⁸Where, in a certain set of personal data, more than one data subject is concerned, the right to receive the personal data should be without prejudice to the rights and freedoms of other data subjects in accordance with this Regulation. ⁹Furthermore, that right should not prejudice the right of the data subject to obtain the erasure of personal data and the limitations of that right as set out in this Regulation and should, in particular, not imply the erasure of personal data concerning the data subject which have been provided by him or her for the performance of a contract to the extent that and for as long as the personal data are necessary for the performance of that contract. ¹⁰Where technically feasible, the data subject should have the right to have the personal data transmitted directly from one controller to another.

Latest Blog posts