The EU General Data Protection Regulation (GDPR), which will enter into force on May 25, 2018, is the most important change in data privacy regulation in 20 years.
Since April 2016, IMTF has been working on ensuring that our RegTech offerings meet the GDPR-related obligations, such as the ability for data subjects (customers, employees or 3rd parties whose personal data can be used, stored, or processed by organizations) to manage their consent preferences (“Privacy By Design”) and submit data subject access requests (DSARs) on:
Right to Access
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format.
Right to be Forgotten (“Data Erasure”)
The right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine-readable format’, and to transmit that data to another controller.
HYPERSUITE/5 Records Management Extension
HYPERSUITE/5 Records Management enables the clustering of archive objects into logical or physical units and content management throughout the whole life cycle: from creation, editing and archiving to final, controlled deletion.
Records Management includes:
– Automation of retention and compliance policies, and ensuring legal, regulatory and industry compliance
– Management of electronic and physical documents
– Retention Schedules (and Deletion Schedules) based on MoReq2 and MoReq2010 recommendations (making HYPERSUITE/5 MoReq compliant / MCRS)
– Legal hold
– Extended classification schemes to support hierarchical structuring
Adaptive Case Manager (ACM)
IMTF’s Adaptive Case Manager helps automate information-intensive processes for better decision making. It orchestrates processes for greater efficiency, consistent quality, and faster cycles. It intelligently guides work requiring flexibility and human judgment, includes standard and ad-hoc workflows, gives an overview of all relevant data and documents and encourages real-time collaboration.
The ACM supports organizations in complying with the GDPR right to be forgotten (erasure), access, and portability requirements in a complete, streamlined and effective fashion, as it allows any kind of workflow to be built.
The one supporting DSARs can be structured in 4 steps:
1. Request Intake
Data subject’s request intake and validation
2. Workflow assignment
Assignment of internal tasks to specific collaborators
3. Data search
Data finding and task fulfillment
Communication/response to data subject