Kristoff Zammit Ciantar, CEO
The enforcement of the General Data Protection Regulation (GDPR) on the 25th May 2018 threw more than a few companies into a state of panic and confusion, largely due to the breadth and reach of the legislation, not to mention the severity of its sanctions. While data protection legislation has been at the forefront of EU policy for nearly two decades, with GDPR it is the first time that such legislation will be enforced across the board, with no exceptions or variations across jurisdictions. Organizations such as Aqubix focus a lot on the operational aspect of compliance, especially the work that is done manually, and are now thinking about the manual intervention required for GDPR.
The larger the company is, the greater the hassle to ensure you have people to process requests, make sure everything is in place, and so on, so that’s where the idea for GDPR Auto stemmed from. It is both a technical and business solution that delivers the required automation, as well as the embedded legal advice that dictates this regulation. It provides a starting point in the form of a set of audits, so that companies can self-assess and identify where they stand. The responses to the legal audit provide a full GAP Analysis report highlighting all the aspects that the company needs to start working on, in order to achieve GDPR compliance, with a detailed list of actions reflecting the answers to the audit provided by the company. At this stage, if it is determined that any internal policies relevant to the data types being handled are required, the system will make all legal documentation available in the form of text templates, allowing the company to bring their processes in line with regulation.
Another requirement that forms part of GDPR which an organisation may find particularly difficult to do manually is the mapping of data processes. Again, here GDPR Auto simplifies and streamlines what would otherwise be a taxing and long-winded process into a simple function.
While the standardisation of new data is challenging enough under the new legislation, making sure that past data, collected long before GDPR compliance was a concern, is compliant is another issue that has been a stumbling block for many firms. “When some companies realised that some of the data they held was not fully GDPR-compliant, they considered purging their collection of data entirely, some of which spanned several decades. This would have been a huge and valuable loss,” Mr Zammit Ciantar points out. GDPR Auto has a solution for this too – once subject data is mapped out, the programme allows for individual and bulk opt-in audited consent acquisition, as well as regular/scheduled re-consent processes across all aspects of the data being held. “This feature allows the user to instantly identify what data is authorised for specific use, and immediately excludes use that is not permitted under GDPR. At the same time, it manages the requirement for individual assent that the customer may not have even thought about or agreed to at the time, ensuring that the company is in full compliance with the legal provision.” Individuals whose data has been collected are provided with a means to update their data and ensure that whatever information is being kept is correct; namely a secure portal, bolstered by two-factor authentication, through which data can be managed and requests for updates can be sent. Once reviewed by the data protection officer, such change requests are communicated internally over the platform for execution, keeping a full audit trail of accountability with system owners and third-party processors.
GDPR Auto has garnered interest from a wide range of businesses within the EU, as well as non-European companies that do business with Europe, including firms from the US and Turkey. Its adaptability for companies of different kinds and sizes has also made it a versatile tool for businesses to have in their arsenal. “Even though it will still prove to be quite a challenge, small companies handling a few subjects can likely get away with bringing their processes up to scratch manually. Such an approach might work in the short term; however, it is not a sustainable model knowing that GDPR is here to stay. For larger companies, or companies with an ambition to grow, GDPR Auto will save a lot of time and effort, not just now, but in the coming years too.”