GDPR-related processes are time-consuming and manual, yet they require precise action and are mandated by regulation. After the adoption of the regulation in May 2018, companies equipped themselves with the necessary legal frameworks, hired Data Protection Officers and created the necessary documentation, such as privacy policies. All websites now even require acceptance of cookies to enable the use of users’ data.

Our observation is that companies still struggle to perform the operational processes for data storage, organization, updates and purging effectively. The level of automation is very low or non-existent.

Let’s review the situation in which a customer no longer uses the services of a bank or of a company in another service industry.

The company is then supposed to stop storing the customer’s data.

How does this process happen in reality?

Banks and other companies usually store customer data in more than one system. When customers leave, the bank or business has to identify which customers’ data must be purged and, for each customer, which systems hold that data, based on the services the customer used.

It is therefore necessary to have an automated process that tracks customer statuses and finds and purges a customer’s data once he or she is no longer a customer.

For mid-sized to large organizations, doing this manually may require 10-15 or more people.

Our experience in automating this process is that it can bring significant efficiency while keeping organizations compliant with the regulations.

Our general approach to GDPR compliance is shown below:

Who?
• The data subjects

Where and What?
• Systems involved and what they contain

Why, When, How?
• What to delete?
• When to delete?
• How to delete?

Who and What?
• Who to notify?
• What to notify?

Key points in GDPR

Data Classification
Identifies PII (Personally Identifiable Information) as part of the scope. Recognizes different data types and data subjects.

Data Store Identification
Works with as many data store applications as necessary: core systems, web applications, emails, shared drive folders.

Delete a single record or in bulk
Can purge customer by customer, or many customers at once, based on Excel sheets or emails sent.

Notifications
Examples:
• Asking a human for permission to purge
• Post-purge information

How it works

• Rule-based purge of PII (Personally Identifiable Information) data

Example:
Applicable only to respondents from the European Union (EU), detected via country and customer time zone abbreviations where possible.

• Auto-triggered

Examples:
Data has been stored and 90 days have elapsed as of “today’s date”, or the loan has expired and been repaid, or the account has been closed.

• Ad hoc triggered

Example:
A trigger based on an email sent or on keywords.

• Methods to purge

a) User approach: open the application > find the record > delete or replace the data
b) Automation via SQL stored procedures executed directly in the database
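The scoping rule and auto-triggers listed above, sketched as an added example that is not the vendor's code. The record fields, system names, the EU country subset and the approval list are assumptions made for illustration, and the three triggers are treated as alternatives, following the "or" in the text.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
EU_COUNTRIES = {"BG", "DE", "FR", "IE", "NL"}  # assumed, constructed subset of EU codes
RETENTION = timedelta(days=90)  # the "elapsed 90 days" trigger

@dataclass
class Customer:  # hypothetical record shape
    customer_id: str
    country: str
    stored_on: date
    account_closed: bool = False
    loan_expired: bool = False
    loan_repaid: bool = False
    systems: list = field(default_factory=list)  # stores holding this customer's PII

def purge_reasons(c, today):
    """Return the auto-trigger rules that fire for this customer."""
    reasons = []
    if today - c.stored_on >= RETENTION:
        reasons.append("retention_90_days")
    if c.loan_expired and c.loan_repaid:
        reasons.append("loan_expired_and_repaid")
    if c.account_closed:
        reasons.append("account_closed")
    return reasons

def build_purge_plan(customers, today, needs_approval=("core_banking",)):
    """One entry per (customer, system); out-of-scope customers are skipped."""
    plan = []
    for c in customers:
        if c.country not in EU_COUNTRIES:
            continue  # rule applies only to EU data subjects
        reasons = purge_reasons(c, today)
        for system in (c.systems if reasons else []):
            # Notification step: hold listed systems for a human decision.
            status = "awaiting_approval" if system in needs_approval else "ready"
            plan.append({"customer_id": c.customer_id, "system": system,
                         "reasons": reasons, "status": status})
    return plan

TODAY = date(2024, 6, 1)  # constructed evaluation date
SAMPLE = [  # constructed records
    Customer("C1", "BG", date(2024, 1, 10), account_closed=True, systems=["core_banking", "crm"]),
    Customer("C2", "DE", date(2024, 5, 20), loan_expired=True, systems=["crm"]),
    Customer("C3", "US", date(2023, 1, 1), account_closed=True, systems=["crm"]),
    Customer("C4", "FR", date(2024, 5, 25), loan_expired=True, loan_repaid=True, systems=["email_archive"]),
]
if __name__ == "__main__":
    for entry in build_purge_plan(SAMPLE, TODAY):
        print(entry)
```

Each plan entry records which rule fired, so the post-purge notification can state why a record was removed from a given system.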

The Results

Processing time decreased from 10 min to less than 1 min

70 % reduction of operations costs

90 % of the cases processed automatically

About us

We aim to bring value-added solutions with almost no effort from you, our customer.

Our power is in listening to you and understanding your processes.

Call us for more information:

Sofia office: +359 882 016 062

London office: +44 7787 721 269

Dubai office: +971 508 802 326
