GDPR Implementation guidelines - Continuous operations

24/04/2018
Insights

The entire General Data Protection Regulation (GDPR) revolves around the protection of personal data, how personal data can be used and so forth. Within the implementation guidelines of the GDPR, there are different types of operations to consider. We will go over important continuous operations, such as Identification, Processing & protection and Usage register.

Identification

The traditional implementation approach followed by most organisations is not smart at all. Already now, or in the near future, they will face operations-blocking consequences:

  • They assume that they know about whom the organisation processes personal information, but in reality they never do.
  • They demand a huge change in their co-workers’ current way of working, in just a couple of months, whereas real changes take at least 18 to 36 months to succeed.
  • They require extra work from their co-workers in identifying Personal Data and in taking extra measures and actions.
  • They rely on a 100% correct performance of their co-workers with regard to personal information, whereas in all other domains >50% of people just do not achieve this level of performance.

Our very basic solution for GDPR compliance is about supporting the DPO in the following:

  • Knowing the Data Subjects and their related Personal Data
  • Being able to address the Data Subject Rights
  • Knowing where Personal Data is located and processed.
     


This intelligent software offers an automated continuous identification with NO extra effort for your staff, while providing multiple reports and a dashboard for the DPO and other stakeholders.

In an operational mode, Knowliah offers an automatic detection of Data Subjects and related Personal Data in ALL connected sources (file servers, e-mail server, other systems like MS SharePoint, DMS, ERP, CRM, or custom applications/systems)
by means of standard available connectors for each information object (document, e-mail, record).

The result is a continuously updated database containing the following linked elements:

  • Data Subject
  • Type of Personal Data
  • Location where the information resides.

The DPO – or other people involved – have access to:

  • A dashboard reflecting the current status via graphs
  • Automatically identified Personal Data, wherever it is stored in the organisation, from different perspectives (virtual folders)
  • Full-text search with integrated GDPR filters.
     

Processing & protection

Instead of depending on co-workers for proper handling and protection of potential Personal Data – keep in mind that humans are often the weakest link – it is wiser to set up easy automation.

You want to avoid complex processes, inefficiencies and endless change initiatives in order to fully comply with GDPR?

With Knowliah Intelligent Repository 4.3, we take care of the required processing – with little to no manual effort:

  • Separation and protection of Personal Data in a secure Knowliah Repository
  • Matching between purpose and consent for consultations and/or processing
  • Building of your Usage Register in the background
  • Facilitation of answering Data Subject Rights
  • Providing means for audit.

 


With optional extras such as anonymization, encryption and aggregation, we help you to reduce the big GDPR impact on your operations and the workability of your staff.

To see Knowliah in action, you can request a demo right here and see how we can make your team much more efficient!


Usage register

If you do not have an automatic Usage Register, you need to keep track of all CRUD actions performed on Personal Data in your Usage Register.

The Personal Data Usage Register contains the following items per manipulation:

  • Identification of the user
  • Date and time of the transaction
  • Identification of the document/e-mail/record
  • Category of Personal Data
  • Purpose of the processing
  • Nature of the processing (create, read, update, delete, transfer, …).



Want to learn more?

You can find information on the implementation guidelines of the GDPR, like processing principles, security measures, preparations, operations and much more by clicking on the button below.
You can also download our full implementation guide 'A free quick-start guideline for your GDPR implementation' as a PDF document.


GDPR implementation guidelines

Share this insight