GDPR-related processes are time-consuming and manual, yet they require precise action and are made mandatory by regulation. After the adoption of the regulation in May 2018, companies equipped themselves with the necessary legal frameworks, hired Data Protection Officers and created the necessary documentation, such as privacy policies. Even websites now require acceptance of cookies before users' data can be used.
Our observation is that companies still struggle to perform the operational processes for data storage, organization, updates and purging effectively. The level of automation is very low or non-existent.
Let's review the situation in which a customer is no longer using the services of a bank, or of any company in another service industry.
The company is then supposed to no longer store the customer's data.
How does this process happen in reality?
Banks and other companies usually use more than one system in which they store customer data. When customers leave, the bank or business faces the issue of identifying which customers' data must be purged, and in which systems that data is stored for each and every customer, based on the services he/she used.
It is therefore necessary to have an automated process that follows up on customer statuses and finds and purges their data once they are no longer customers.
For mid-sized to large organizations, doing this manually may require 10-15 or more people.
Our experience with automating this process is that it brings significant efficiency while keeping organizations compliant with the regulations.
Our general approach to GDPR compliance is shown below:
- Who? The data subjects
- Where and what? The systems involved and what they contain
- Why, when, how? What to delete, when to delete, how to delete
- Who and what? Who to notify, what to notify
Key points in GDPR
Data Classification
Identifies PII (Personally Identifiable Information) as part of the scope and recognizes different data types and data subjects.
Data Store Identification
Works with as many data store applications as necessary: core systems, web applications, emails, shared drive folders.
Delete a single record or in bulk
Can purge customer by customer, or many customers at once based on Excel sheets or emails sent in.
Notifications
Examples:
Asking a human for permission to purge
Post-purge information
How it works
- Rule-based purge of PII (Personally Identifiable Information) data
Example:
Applicable only to respondents from the European Union (EU), detected via country or customer time-zone abbreviation where possible.
- Auto-triggered
Examples:
Data stored for 90 days counted from today's date, or a loan expired and repaid, or an account closed
- Ad hoc triggered
Example:
Trigger based on an email sent in or on keywords in it
- Methods to purge
a) User approach -> open the application -> find the record -> delete or replace the data
b) Automation via SQL: stored procedures executed directly in the database
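As an added illustration (not the vendor's own software), the following Python sketch encodes the rules above: EU scope detection by country with a time-zone fallback, the 90-day, loan-repaid and account-closed auto triggers, and an email-keyword ad hoc trigger, producing per-customer work items that list the affected data stores and wait for human approval before anything is purged. The EU code list, the keyword list and the rule that an outstanding loan blocks purge are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
# Constructed scope lists (assumptions): EU-27 ISO codes, and time-zone abbreviations used
# only when the country is missing (CET/EET also cover non-EU countries, so confirm first).
EU_COUNTRIES = set("AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT NL PL PT RO SK SI ES SE".split())
EU_TZ = {"WET", "WEST", "CET", "CEST", "EET", "EEST"}
RETENTION_DAYS = 90  # "elapsed 90 days" auto trigger
ADHOC_KEYWORDS = ("delete my data", "erase my account", "right to erasure")

@dataclass
class Customer:
    customer_id: str
    country: str
    stored_on: date                 # date the PII was stored
    tz_abbr: str = ""
    account_closed: bool = False
    loan_repaid: object = None      # None: no loan, True: repaid, False: still outstanding
    emails: list = field(default_factory=list)
    systems: list = field(default_factory=list)  # data stores holding this customer's PII

def in_scope(c):
    # EU respondent detection: country first, time-zone abbreviation only as a fallback
    return c.country.upper() in EU_COUNTRIES if c.country else c.tz_abbr.upper() in EU_TZ

def purge_reasons(c, today):
    # Auto and ad hoc triggers from the page; an outstanding loan blocks purge (assumption)
    if c.loan_repaid is False:
        return []
    checks = [((today - c.stored_on).days >= RETENTION_DAYS, "retention_elapsed"),
              (c.loan_repaid is True, "loan_repaid"),
              (c.account_closed, "account_closed"),
              (any(k in m.lower() for m in c.emails for k in ADHOC_KEYWORDS), "adhoc_email")]
    return [name for hit, name in checks if hit]

def plan_purge(customers, today):
    # One work item per eligible in-scope customer, held for human approval before purge
    return [{"customer_id": c.customer_id, "reasons": r, "systems": list(c.systems),
             "needs_approval": True}
            for c in customers if in_scope(c) and (r := purge_reasons(c, today))]

TODAY = date(2024, 6, 1)  # constructed sample data
SAMPLE_CUSTOMERS = [
    Customer("C001", "DE", date(2024, 1, 1), systems=["core", "crm"]),
    Customer("C002", "US", date(2023, 1, 1), account_closed=True),
    Customer("C003", "FR", date(2024, 5, 15), account_closed=True),
    Customer("C004", "", date(2024, 5, 20), tz_abbr="CET", emails=["Please delete my data"]),
    Customer("C005", "IT", date(2023, 1, 1), loan_repaid=False),
    Customer("C006", "ES", date(2024, 5, 1), loan_repaid=True, systems=["loans"]),
]
```

Each work item is the input to the notification step (asking a human for permission) and, once approved, to the purge method chosen for each listed system.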
The Results
Processing time decreased from 10 min to less than 1 min
70% reduction in operations costs
90% of cases processed automatically
Banking, Financial Services and Insurance (BFSI)
About us
We aim to bring you, our customer, value-added solutions with almost no effort on your part.
Our strength lies in listening to you and understanding your processes.