GDPR-related processes are heavily manual, yet they require precise action and are mandatory under the regulation. After the adoption of the regulation in May 2018, companies equipped themselves with the necessary legal frameworks, hired Data Protection Officers and created the necessary documentation, such as privacy policies. Websites now also ask users to accept cookies and the use of their data.
Our observation, though, is that companies still struggle to run the operational processes for data storage, organization, updates and purging effectively. The level of automation is very low or non-existent.
Let's review the situation in which a customer no longer uses the services of a bank, or of a company in any other service industry.
The company is then supposed to stop storing the customer's data.
How does this process happen in reality?
Banks and other companies usually store customer data in more than one system. When customers leave, the company has to identify which customers' data must be purged and, for each customer, which systems hold that data, based on the services he/she used.
For that, an automated process is needed that follows up on customer statuses and finds and purges a customer's data once he/she is no longer a customer.
For mid-sized to large organizations, doing this manually may require 10-15 or more people.
Our experience in automating this process is that automation can make it significantly more efficient while keeping the organization compliant with the regulations.
Our general approach to GDPR compliance is shown below:
- The Data Subjects
- Where and What?
  - Systems involved and what they contain
- Why, When, How?
  - What to delete?
  - When to delete?
  - How to delete?
- Who and What?
  - Who to notify?
  - What to notify?
Key points in GDPR
Identifies PII (Personally Identifiable Information) as part of the scope. Recognizes different data Types and Data Subjects.
Data Store Identification
Works with as many data store applications as necessary: Core Systems, Web applications, Emails, Shared Drive folders
Delete a single record or a bulk
Can purge customer by customer or many customers at once, based on Excel sheets or emails sent.
Asking a human for permission to purge
Post Purge Information
How it works
- Rule-based purge of PII (Personally Identifiable Information) data
  Applicable only to respondents from the European Union (EU), detected via country and customer time zone abbreviations where possible.
- Auto triggered
  Data stored and 90 days elapsed from "Today's date", or loan expired and repaid, or account closed
- Ad hoc triggered
  Email sent / keyword-based trigger
- Methods to purge
  a) User approach -> open the application -> find the record -> delete or replace data
  b) Automation via SQL: stored procedures executed directly in the database
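The auto-trigger rules, the EU-only scope, the human approval step and the post-purge report described above can be sketched as follows. This is an added example, not the vendor's implementation. It assumes an in-memory SQLite database in place of stored procedures, hypothetical table names standing in for two data stores, an abbreviated EU country list, an `approve` callback standing in for the human, and it reads the 90-day condition as an independent trigger.

```python
import sqlite3
from datetime import date, timedelta

# Assumptions for this sketch: abbreviated EU list, hypothetical table names.
EU_COUNTRIES = {"BG", "DE", "FR", "IT", "NL"}
PII_TABLES = ("core_accounts", "web_profiles")  # fixed allowlist, one table per data store
RETENTION = timedelta(days=90)

def purge_reason(c, today):
    """Return the name of the rule that makes customer row c purgeable, else None."""
    if c["country"] not in EU_COUNTRIES:
        return None  # the rules apply to EU data subjects only
    if c["account_closed"]:
        return "account_closed"
    if c["loan_expired"] and c["loan_repaid"]:
        return "loan_expired_and_repaid"
    if today - date.fromisoformat(c["stored_on"]) > RETENTION:
        return "retention_elapsed"
    return None

def run_purge(conn, today, approve):
    """Purge each eligible customer that approve(id, reason) confirms; return the report."""
    conn.row_factory = sqlite3.Row
    report = []
    for c in conn.execute("SELECT * FROM customers ORDER BY id").fetchall():
        reason = purge_reason(c, today)
        if reason is None or not approve(c["id"], reason):
            continue  # not eligible, or the human declined
        with conn:  # all stores for one customer are purged in one transaction
            rows = sum(conn.execute(f"DELETE FROM {t} WHERE customer_id = ?",
                                    (c["id"],)).rowcount for t in PII_TABLES)
        report.append({"customer": c["id"], "reason": reason, "rows_deleted": rows})
    return report

def demo():
    """Build constructed sample data in memory and run one purge pass."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, country TEXT, stored_on TEXT,
            account_closed INTEGER, loan_expired INTEGER, loan_repaid INTEGER);
        CREATE TABLE core_accounts (customer_id INTEGER, iban TEXT);
        CREATE TABLE web_profiles (customer_id INTEGER, email TEXT);
        INSERT INTO customers VALUES (1,'DE','2024-01-10',1,0,0), (2,'FR','2024-05-20',0,1,0),
            (3,'US','2023-01-01',1,1,1), (4,'BG','2024-02-01',0,0,0), (5,'NL','2024-05-25',0,1,1);
        INSERT INTO core_accounts VALUES (1,'x'),(2,'x'),(3,'x'),(4,'x'),(5,'x');
        INSERT INTO web_profiles VALUES (1,'x'),(3,'x'),(4,'x');
    """)
    report = run_purge(conn, date(2024, 6, 1), approve=lambda cid, reason: cid != 4)
    left = [r[0] for r in conn.execute("SELECT customer_id FROM core_accounts ORDER BY 1")]
    return report, left
```

In the constructed data, customer 4 is eligible under the retention rule but stays in place because the approver declines, and customer 3 is skipped as a non-EU record.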
Processing time decrease from 10 min to less than 1 min
70 % reduction of operations costs
90 % of the cases processed automatically
Banking, Financial Services and Insurance (BFSI)
We aim to bring value-added solutions with almost no effort from you, our customer.
Our strength is in listening to you and understanding your processes.