Is your organization GDPR (General Data Protection Regulation) compliant?
As you may know, the General Data Protection Regulation (GDPR) will come into effect across Europe on May 25, 2018. In the Netherlands and Belgium, this European law is called the GDPR: the General Data Protection Regulation. Compared to current privacy legislation, individuals are given more rights and organizations more obligations. The GDPR places the responsibility on organizations to demonstrate that the correct organizational and technical measures have been taken to comply with the GDPR.
The regulation (GDPR) means that all companies operating within the European Union (and England despite Brexit) must comply with this legislation under the supervision of national enforcement, which is managed by the European Data Protection Board. Fines for non-compliance with the legislation will rise sharply: from a maximum of € 820.000 (or 2% of the worldwide turnover) in accordance with the current Personal Data Protection Act to a maximum of € 20.000.000 (or 4% of the worldwide turnover) under the new regulations.
The regulations impose higher requirements on the security, use and storage of data, in order to safeguard the security of personal data. This makes data collection more transparent and easier to understand for 'those involved'. The tightening of the right to be forgotten will also make it easier to view the data obtained or to have it deleted.
What should organizations take into account for GDPR compliance?
The switch to the GDPR means that it is necessary to take a look at the way data is handled within your organization. If your organization complied with the rules of the WBP, this does not mean that it is also compliant with the GDPR rules. Companies now need to know more about what data is present, how this data flows in and out of the organization, how it is stored and secured, how it is used and by whom. In short, as an organization you must be able to provide extensive documentation about:
- What data is available?
- Where is the data stored?
- What is the data used for?
- Who has access to the data?
GDPR Compliance Test
- Is your BI, Reporting & Analytics solution fully documented?
- Do you have full traceability of all your data in your BI, Reporting & Analytics setup?
- Are you in control of data in your development and test BI, Reporting & Analytics environments?
- Do you manage access control to data in your BI, Reporting & Analytics setup and can you document this?
If you are not using an automated data management platform, the answer to the above questions is probably no. If you answered yes without automation, then it is a very time-consuming task and must be expensive to maintain. Traditional hand-built data warehouses do not provide automated documentation. Visualization tools such as Qlik, Tableau and Power BI that directly access data sources also do not provide automated documentation.
Achieve GDPR compliance with the Discovery Hub
If you have not yet got your affairs in order and want to quickly form a basis for your BI and Analytics tools, it may be an idea to look at TimeXtender's products. TimeXtender creates powerful automated data warehouse software called the 'Discovery Hub'. Discovery Hub quickly and easily establishes a foundation for GDPR compliance in the field of BI and Analytics within your organization. With this software you not only make your analytics department compliant now, but also in the future. This gives you a 'future proof' solution. It is very easy to add data sources and to anticipate any new rules. With this data warehousing software you ensure that you take privacy rules into account with your BI and Analytics applications now and in the future.
Discovery Hub features include:
- Automated Documentation: Automatically document what data you hold and where you hold it
- Traceability: Data lineage & impact analysis help you answer the questions: where does my data come from, and where is it used?
- Security: Answers the question: who has access to my data?
- Aggregation: Retain full documentation and anonymize personally identifiable information (PII), while transforming data into actionable information
- Multiple Environments: Whether in test, development or production your data is fully documented. You have full version control and full security and traceability.
For more information about how Victa helps organizations to make their BI departments GDPR compliant on time, please visit www.victa.nl/timextender or contact our sales department: sales@victa.nl