In order to manage personal data, companies first need to know where the data is stored. As business needs are growing, the number and complexity of IT systems are also growing. Before GDPR, there were no major concerns about personal data in those systems. However, things changed in many ways.
It is not uncommon for companies to have a low level of awareness about where they store personal data. This situation makes them incapable to fully address all the requirements defined by GDPR.
Think about the situation where a company receives a request for the right-to-be-forgotten from a specific data subject. How can a DPO fulfill this request if there is no information about where exactly is the personal data stored?
Understanding where the data is stored within the company is a prerequisite to compliant data privacy strategy!
The Data Inventory module connects to all relational databases of the company, making search inquiries, eliminating false positives and identifying all personal information across multiple systems.
This allows you to utilize the power of machine learning to precisely identify all personal data and to help you understand how data flows through your company.
Some of the companies tried to do a manual Data inventory, which resulted in exhausting a lot of resources and time with a questionable result. With manual data discovery, you can not be confident in results, and if a new system is added, you need to perform the whole task once again.
The Data Privacy Manager delivers an automatic Data Inventory process saving you time and enabling companies to have a clear and correct starting point for the GDPR compliance project.
While Organizations have been busy collecting consents and putting together compliant Records of processing activities, the data removal remained overlooked, or maybe postponed? Most of the Organizations have by now documented data retention policies and have a good idea about how long they can keep the data. Data retention starts when one of the following scenarios happen: The initial purpose for data collection and processing has expired. Usually, a product or services contract with an individual has expired, an insurance policy has expired or individual stopped using a product or a service…