
GDPR

GDPR (General Data Protection Regulation)

In order to unify and strengthen enforcement of the rules protecting the personal data of EU citizens, the European Commission adopted the General Data Protection Regulation (EU 2016/679).

The Regulation entered into force on 25 May 2016 for all European Union States, Italy included, and it will apply from 25 May 2018 onwards, after a two-year transition period, which is the time needed to allow companies to adapt to the requirements set out in the Regulation.

Hence, all organizations that collect, manage and use personal information (almost every company and public administration) have to comply with the new rules to ensure a higher level of protection of privacy rights.

Because of the possible sanctions, and the compensation that citizens can request in case of data breaches, companies are carefully examining the impact of GDPR on their existing personal data protection processes: the numerous rules are not easy to apply and can require large and costly interventions on software and on data.

In addition, complying with the new rules is becoming even more complicated with new scenarios, like the Internet of Things, which involve data attributable to users (e.g. the “wearables” case).

Data Governance in GDPR perspective

To comply with the Regulation, it is first necessary to understand which data have to be brought into full compliance with the new rules, in order to examine vulnerabilities and risk mitigation actions. Furthermore, the DPO (Data Protection Officer) will require new data management skills from IT in order to monitor, to enforce the rules and to report conformity with GDPR to the supervisory authority.

In particular, given the increased documentation and classification requirements, it is necessary to know exactly where personal data are stored, especially data in unstructured formats (documents, emails, presentations and spreadsheets). This is fundamental to protect that data, to minimize data retention and to manage possible requests for correction and deletion (e.g. to satisfy the right to be forgotten).

Nodes solutions for GDPR

Nodes is a Data Centric Company whose core business is to extract value from data to support business processes. Nodes proposes a series of interventions using leading Data Governance technologies. These allow clients to respond to the challenge imposed by GDPR by identifying possible exposures and by activating procedures in time to mitigate the potential risk and all the connected consequences:

  • Personal Data Assessment (Nodes' entry-point service for Data Governance in a GDPR perspective)
    • To identify and recognize information that needs proper Data Privacy treatment in file copies and in subsets of forgotten or unorganized business data (e.g. data on employees’ workstations).
    • To quickly identify documents and files in standard formats containing personal information (e.g. credit cards, medical records, licenses, identity cards).
    • To classify business data that is no longer necessary, in order to reduce exposure and lighten the storage infrastructure.
  • Dynamic Data Masking
    • To make personal information anonymous at login, without modifying the original source data or the application software.
  • Data Archive
    • To control data growth in the production database and decommission legacy applications.
  • Persistent Data Masking
    • To mask data in their original environment or while they are copied to test and development environments, keeping the integrity of the information and its functional and statistical coherence unchanged.
  • Test Data Management
    • To provide safe data for development and testing, by automating data subsetting and data masking functionalities.
  • Identity Governance
    • To mitigate the risks associated with access by giving employees only the data necessary to execute their assigned tasks, using identity governance based on actual business assignments and not on roles.