GDPR is a HUGE buzzword (buzz acronym?) not only in the tech world, but in the world of business in general. The operational impacts of the EU General Data Protection Regulation (the “GDPR”) are significant. Organizations that do business in Europe, provide goods or services to citizens, or provide monitoring of European citizens will now have to take new measures. This will require protecting the personal information of their customers and employees or risk heavy fines for data breaches. GDPR “compliance” extends beyond traditional policy and procedure-based methodologies and requires that technical controls are demonstrable to regulators. This will create several significant technical obligations for IT and Security professionals as well as Privacy Officers and Program Managers. Your compliance with this new regulation is paramount to the success of your business and the trust of your customers, so it’s imperative that proactive measures be taken before May of next year.
AvePoint Compliance Guardian can help automate your compliance programs to assist your organization in complying with the General Data Protection Regulation (GDPR). Compliance Guardian offers several checks out of the box that scan for and allow you to map, detect, assess and protect personally identifiable information and sensitive personal information as defined by GDPR. This way, you can build your accountability framework and policies that allow you to say what you do, do what you say and prove you are doing so.
There are a number of different checks that will help automate your compliance with the forthcoming regulation. Compliance Guardian implements a number of different technical approaches to identify sensitive data, including Regular Expressions (RegEx), used in our checks for International Phone Numbers. It also implements dictionary checks, machine learning, fingerprinting, and a wide range of methods that allow you to identify sensitive content and context. This way, you understand the data you hold, where it is, what it is and who can access it. This allows you to implement a risk-based approach to data protection, like pseudonymization or encryption, as specified under GDPR. For example, under ‘German cities’, there is a dictionary check that includes cities in Germany, meaning that those cities will be included in checks related to GDPR. This list can be added to and subtracted from depending on the needs of your organization.
Compliance Guardian can scan, map and protect your data wherever it lives, on premises or in the cloud, on file shares, websites or in databases (unstructured and structured), for any sensitive personal information.