Organizations world-wide need to be able to respond to the new EU regulations around individual data privacy, including the ability to locate and address data that has made it’s way to their end users machines.
Responding to Data Subject Requests
The European General Data Protection Regulation (GDPR), requires that an organization have absolute knowledge of where all EU personal data is stored across the enterprise, and be able to remove it when required. The CXP Group, a leading IT research firm, notes in an industry report that, “compliance with GDPR will only be legally (effectuated) if an organization is able to identify exactly where data is.”
Actual demonstrated compliance requires the ability to search across all data sources in the enterprise for data, including distributed unstructured data located on desktops and file servers. This is why leading IT research firm Forrester notes that “data discovery and classification are the foundation of GDPR compliance.”
In fact, the GDPR requires both a proactive and reactive requirement of data discovery. A robust data discovery capability is needed to produce an intelligent data map, to classify and to actually remediate non-compliant data. This data audit process should done at the outset of establishing your GDPR compliance process, and also routinely executed on a recurring basis.
On the reactive side, organizations are required to respond to data subject requests (DSRs) from individual, or groups of, EU data subjects. The DSRs under the GDPR consist of requests for data erasure, data transfer, or a confirmation that data permissively kept is done so in a minimal fashion without excessive duplication or re-purposing outside of the granted consent. Companies must be able to document and demonstrate compliance with these DSRs, in a manner generally akin to responding to a subpoena or other legal requirement.
So it is clear that GDPR compliance requires the ability to demonstrate and prove that personal data is being protected, necessitating effective data audit and discovery capabilities that allow companies to efficiently produce the documentation and other information necessary to respond to regulators and EU private citizen’s requests. As such, any GDPR compliance programs are ultimately hollow without consistent, operational execution and enforcement.Learn More
X1 Product Used
X1 Distributed GRC
X1 Distributed GRC is the only software that gives organizations the capability to access, analyze and act upon data in just minutes on an individual’s computer and company networks for the purpose of complying with internal policies, data audits and regulatory requirements,
Gain Access to Endpoint Data
X1 Distributed GRC uniquely supports GDPR compliance, by enabling enterprises to quickly and easily search across multiple distributed endpoints and data servers for PII and other data from a central location. Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1, organizations can also automatically migrate, collect, delete, or take other action on the data as a result of the search parameters. Built on our award-winning and patented X1 Search technology, X1 is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.
Learn more about how X1 Distributed GRC gives legal, compliance and IT teams a fundamentally better and faster way to identify, analyze and act on data in place, at the desktop level, across the organization for eDiscovery, data audit and compliance initiatives.