GDPR and Compliance

GDPR related processes are time consuming and manual but require precise action and are made mandatory by regulations. After the adoption of the regulation in May ‘2018, the companies have equipped themselves with the necessary Legal frameworks, hired Data Protection Officers and created necessary documentation like Privacy policies etc. Even all websites are now requiring acceptance of cookies to enable users’ data usage.

Our observation is that companies are still suffering to perform the operation processes for data storage, organization, updates and purge effectively. The level of automation is very low or does not exist.

Let’s review the situation when the customer is no longer using the Bank’s or any Company’s services from other service industries.

The Company is supposed to no longer store the customer data.

How does this process happen in reality?

Banks and other Companies usually use more than one system where they store customer data. When customers leave, the bank or business  faces the issue of identifying which customers’ data must be purged and in which systems they store the data for each and every customer based on the services that he/she used to use.

In that case, it is necessary to have an automated process to follow up on the customer statuses and find and purge their data once he/she is no longer customer.

For middle to big-sized organizations, this process may require 10-15 or more people to do the process manually.

Our experience in the automation of this process is that it can bring significant efficiency while keeping the organizations compliant with the regulations.

Our general approach to GDPR compliance is shown below:

Data Classification
Identifies PII (Personally Identifiable Information) as part of the scope. Recognizes different data Types and Data Subjects.

Data Store Identification
Works with as many as necessary data store applications – Core Systems, Web applications, Emails, Shared Drive folders

Delete a single record or a bulk
Can purge Customer by customer or Many Customers at once based on excel sheets/emails sent.

Notifications
Examples:
Asking human for permission to purge
Post Purge Information

• Rule-based Purge of PII (Personally Identifiable Information) data

Example:
Applicable only for Respondents from European Union (EU). To be detected via Country, Customer Time  Zone abbreviations where possible.

• Auto triggered

Examples:
Data stored and elapsed 90 days from “Today’s date” or Loan expired and repaid or Account closed

• Adhoc triggered

Example:
Email sent/keywords based trigger

• Methods to purge

a) User Approach –> open the application –> find the record –> Delete or Replace Data
b) Automation via SQL – Stored Procedures to execute directly in the database

Processing time decrease from 10 min to less than 1 min

70 % reduction of operations costs

90 % of the cases processed automatically