General Data Protection Regulation
On May 25 2018 the General Data Protection Regulation (GDPR) will come into effect. The GDPR gives every EU citizen the right to know and decide how personal data is being used, stored, protected, transferred and deleted. Individuals have the right to restrict further processing and to request that all their data be erased (the “right to be forgotten”).
Under the GDPR, companies must be able to prove that they know which data they store of individuals, where it is stored and who can access it. Also companies must be able to prove they have taken the right security measures.
DEX Regulatory Suite for GDPR
DEX Data Explorers introduces DEX Regulatory Suite for GDPR. This module is part of the DEX Regulatory Suite, which offers solutions of all kinds of regulations.
With DEX RS for GDPR you can:
- Document which privacy-sensitive information you have in your organisation
- Define your work-processes, privacy organisation and measures
- Produce privacy reports
- Perform “the right to forget” process
- Create data processing agreements
Document privacy-sensitive information
In this step you make an inventory of which types of sensitive organisation you have in your organisation.
You can link this inventory to data-elements in your information systems and define and perform data quality checks.
Define work-processes, privacy organisation and measures
The regulator can ask you at any moment to show how you have organised your privacy processes. DEX RS for GDPR helps you document the work-processes in your organisation, define the privacy organisation and define the privacy measures.
The system supports you in determining which measures have to be taken in which situations.
DEX RS for GDPR produces the privacy reports that can be requested by the regulator or customers. You have documented in the system which data is available where and which measures you have taken. This means you have all information available to when it is asked for.
Right to be forgotten
An important and new concept in GDPR is the right to be forgotten. This means that after the legal storage periods for customer information have expired you should delete this information and, very important, should be able to prove you have performed this action.
DEX RS keeps track of the expiration dates of the data, informs you which data has to be deleted and stores the transaction reports of the deletion operation.
Data processing agreements
Organizations increasingly depend on outsourcing partners. You have to create data processing agreements with these partners, which detail which activities can be performed by these partners and what measures they have to take. DEX Regulatory Suite generates tailor-made agreements, based on the tasks you have outsourced.
DEX RS for GDPR is part of the DEX Regulatory Suite, which also has solutions for these regulations:
- CRD iv (COREP, FINREP, Asset Encumbrance, Funding Plans, Supervisory Benchmarking Portfolio)
- MIFID ii
- Residential Real Estate
- Social Economic Reports
- Deposit Guarantee Scheme
- Dutch Digital Reports (DRA)
Since this is an integrated system you can reuse the information you have extracted for regulatory reporting to support your GDPR processes. This reduces you operational cost.
Contact DEX Data Explorers (www.dataexplorers.nl) for more details on DEX Regulatory Suite.
About DEX Data Explorers
DEX Data Explorers explores data in its many forms. Does your organization generate a lot of data about customers, products, etc.? Do you think that you can get more out of this information than you do now? Do the large investments keep you from doing so? Let DEX Data Explorers help you. You can find more information on DEX Regulatory Suite for GDPR in this whitepaper.
Addition Knowledge House and DEX Regulatory Suite
Addition Knowledge House delivers the following services with regards to DEX Regulatory Suite:
- implementation support
- business process outsourcing