Why is Awareness important for GDPR?
Awareness in the context of GDPR is mainly driven by two requirements:
1. To be able to assess if an existing business process or workflow meets the requirements of GDPR it is critically important to understand where data relevant to GDPR currently is, and in case this type of data needs to stay where it is, to appropriately protect this data. Reducing the attack surface on PII and similar confidential data, which reduces the risk of data breaches and the subsequent consequences as defined by GDPR. (Penalties, etc.)
Once all processes have been confirmed to be in line with GDPR it is equally important to maintain real time visibility on data distribution to quickly find out if PII suddenly appears in places not appropriate for PII.
2. GDPR data subject rights such as the right-to-be-forgotten, require effective ways to identify where an individuals data is located to be able to respond to the request in an efficient manner.
How does eSpyder respond to this challenge?
eSpyder provides real-time visibility into the distribution of personal identifiable information (PII) and similar confidential information across a customers estate.
To do so eSpyder creates an inventory of the content of a customers documents which are then classified and tagged according to ownership and confidentiality. As new documents are created, eSpyder will automatically classify and tag them.
Once the inventory is available eSpyder offers workflows to allow data protection officers (DPOs) or GDPR consultants to act upon the identified data.
All transactions on protected documents are captured in our tamper proof logChainTM (patent pending) database. An innovative regulatory database technology (RegTec), based on blockchain principles which by design are inherently resistant to modification, providing immutable records consistent with international compliance standards.