GDPR - so, what's it all about?

From 25th May 2018 the General Data Protection Regulations requires all organisations holding data on EU residents, or offering them goods or services to comply with new standards relating to personal data security, use and accountability. This includes any information that relates to an identifiable person, whether in personal family life, business or profession.  
filing picture

Find the data you hold

The GDPR requires you to document what personal data you hold, where it came from, who you share it with and what you do with it.

The ICO has published a checklist that organisations can use to review their compliance with the GDPR. The first step on this list is to understand what information you hold and document it.

You can use DAHU ARC to run a dedicated GDPR personal and sensitive data discovery. Gather and process content from across all unmanaged data repositories including email inboxes, file shares, document archives and cloud drives. Find, tag, and score the content according to its type and level of sensitivity. Use results to inform your data audit and GDPR readiness reports

regulations picture

Assess the Risk

The GDPR requires an ongoing commitment to ensure every activity that may place risk on the lawful, fair and transparent processing of data is assessed, and suitable measures put in place.

The Data Protection Impact Assessment (DPIA) is the specific process mandated by the GDPR to ensure compliance with the regulations. It will be required before any change to existing, or introduction of new data processing that places risk to the rights and freedoms of data subjects.

You can use DAHU ARC to run a targeted GDPR personal data discovery on content likely to be used or exposed by a proposed change to existing processing, or a new activity. Find the personal data, flag it, tag it, and use the results to assess and mitigate the risks identified.

locks picture

Take Action

The GDPR states that organisations must enable the data subject to be aware of, and verify, the lawfulness of the processing. The data controller must provide the data subject with a copy of the personal data undergoing processing and relevant related information on request

You can use Dahu ARC to respond to Subject Access Requests. Dahu ARC dashboard enables you to immediately run a dedicated advanced SAR search for all data relating to a specific request. Use the Dahu ARC dashboard to review the content so that appropriate content can be found, redacted or anonymised if necessary and collated in a compliant format so that it can be provided to the subject.

How does Dahu ARC work?

Dahu ARC uses a number of components to provide a complete Data Discovery solution. The tools include content connectors, advanced processing engines and user interfaces. ARC is designed to work with many commercial and open-source search engine platforms and runs on Windows or Linux, on-premise or in the cloud, or of course a combination. The components can be used to enrich an already-existing enterprise search solution, or to build a complete solution for data discovery and GDPR processing.

Dahu Edge is our unique series of content connectors designed to find and gather content from all your unstructured content repositories. Our connectors are specifically built with data discovery in mind. For instance, unlike normal search indexing, we keep records of all duplicate instances of content so we get a true picture of your data estate. Even when the content might normally be skipped due to size, content type or security, we always create a record with all the available metadata. Connectors available include Databases, File Systems and coming soon, cloud storage including Google Docs and Microsoft One Drive.

To make calculations about the level of risk in your unstructured content, you need to be able to identify all the personal and sensitive data held that content, and make it available for analysis. This is what Dahu Vector is designed to do. It has a dedicated rule base that allows it to discover all the GDPR-stipulated sensitive data types and personal references in any content that flows through it. It relies on a series of complementary technologies to do the identification including machine learning, NLP and pattern matching. It's vital to be able to understand and explain the decisions that processing systems take so we designed the processes that Vector uses to be fully auditable.

To leverage the data we discover in the content using Dahu Edge connectors and Dahu Vector, we provide a GDPR Dashboard that allows you to use that data for specific GDPR tasks. Dahu Surface is our User Interface platform that allows us to provide search tools and dashboards to quantify and visualise data at risk to support an initial GDPR readiness review or a Data Protection Impact Assessment (DPIA). There is also a dedicated dashboard extension to support the Subject Access Request (SAR) process. Surface supports User Interface API translation so our interfaces can work on most current search engine technologies.

Search. Only better.