GDPR Governor

The General Data Protection Regulation (GDPR) is the Regulation of the EU Parliament and the Council on
the protection of individuals with regard to the processing of personal data and on the free movement
of such data. The Regulation is in line with the Czech legislation and comes into effect on May 25, 2018.
The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy
laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way
organizations across the region approach data privacy.

The rights of individuals (data subjects) to protect their personal data are significantly strengthened by
the Regulation. You will need to be able to answer and meet the following requirements:

  • Information about the processing of personal data, its reason and its scope
  • Access to collected personal data
  • Correction/rectification of personal data
  • Mandatory notification when personal data are corrected or deleted, or when processing is restricted
  • Transferring data to another data controller
  • Information provided when personal data have not been obtained from the data subject
  • Right to erasure (“the right to be forgotten”)
  • Objection against processing, against automated processing, profiling, etc.
  • Data processing restrictions
  • Revocation of consent to the processing of personal data

Potential fines:

  • GDPR sets heavy fines – 2 % (4 %) of annual worldwide turnover or 10,000,000 EUR (20,000,000
    EUR) for non-compliance with the Regulation (brackets indicate subsequent penalties for
    non-compliance with corrective measures). Other penalties for data leakage are determined by the
    local law.

What can happen if you don’t comply with GDPR regulations?

  • Legal action by individuals claiming that you do not take proper care of their personal data or
    that you do not respect their data privacy rights.
  • Loss of existing ISO certifications due to non-compliance with the law.
  • Inspection by the local authority to verify that the requirements of the Regulation are met.
  • Penalties imposed by the local authority.

Time is flying – an example of a GDPR implementation schedule
The key date is May 25, 2018. From that date on, any company must be able to demonstrate its ability to
comply with the rules required by the Regulation. Therefore, it is necessary to start as soon as possible.

How to become GDPR ready?

Ness recommends taking the following steps

The GDPR Governor supports GDPR processes with a view to providing information to individuals and
reducing the workload of meeting these obligations.

It is a single tool for GDPR requirements

  • Single view of the stored customer data
  • Reporting personal data of your customers
  • Managing their consents
  • Anonymizing their personal data
  • Personal data access audit

GDPR Governor holds the configuration of which data is stored in which system and how data sets are identified within each system (e.g. by birth number). Data are categorised, and the configuration is aware of interconnections with data in other systems. It holds the binding between consents and data sets in multiple systems. It also holds the data retention policy and the configuration of how the extracted data is visualised to the user.

Your existing systems are required to implement the GDPR data connector, a unified API for all legacy systems that gathers personal data from the existing system.
Extract –> Categorize –> Analyse
Based on the entered search criteria (e.g. birth number, ID card), GDPR Governor identifies all systems which could contain customer data identified by the criteria. GDPR Governor queries those systems, categorizes and analyses the results to find other systems containing interconnected data. GDPR Governor queries those systems until all the data are extracted.
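
The extraction loop described above, sketched as an added example that is not GDPR Governor's own code: the system names, field names, categories and the `query` stand-in for a connector call are all hypothetical, and the sample rows are constructed.

```python
from collections import deque

# Constructed sample systems. "accepts" lists the identifier types a
# (hypothetical) connector can be searched by; all values are made up.
SYSTEMS = {
    "crm":      {"accepts": {"birth_number", "customer_id"},
                 "rows": [{"birth_number": "BN-0001", "customer_id": "C-17",
                           "email": "jana@example.test"}]},
    "billing":  {"accepts": {"customer_id"},
                 "rows": [{"customer_id": "C-17", "contract_id": "K-9", "iban": "CZ-TEST-1"},
                          {"customer_id": "C-99", "contract_id": "K-1", "iban": "CZ-TEST-2"}]},
    "helpdesk": {"accepts": {"email"},
                 "rows": [{"email": "jana@example.test", "ticket": "T-3"}]},
    "archive":  {"accepts": {"contract_id"},
                 "rows": [{"contract_id": "K-9", "scan": "contract.pdf"}]},
}
# Field -> category; fields in IDENTIFIERS can link one system to another.
CATEGORY = {"birth_number": "identity", "customer_id": "identity", "email": "contact",
            "contract_id": "contract", "iban": "financial", "ticket": "support",
            "scan": "contract"}
IDENTIFIERS = {"birth_number", "customer_id", "email", "contract_id"}


def query(system, id_type, value):
    """Stand-in for one connector call: rows matching a single identifier."""
    return [r for r in SYSTEMS[system]["rows"] if r.get(id_type) == value]


def extract(id_type, value):
    """Extract -> categorize -> analyse, repeated until no new identifier appears."""
    queue, seen = deque([(id_type, value)]), {(id_type, value)}
    found, audit = {}, []
    while queue:
        key = queue.popleft()
        for name, system in SYSTEMS.items():
            if key[0] not in system["accepts"]:
                continue                      # this system cannot be searched by that key
            audit.append((name, key[0]))      # every connector query is logged
            for row in query(name, *key):
                categorized = {f: (CATEGORY.get(f, "uncategorized"), v) for f, v in row.items()}
                if categorized not in found.setdefault(name, []):
                    found[name].append(categorized)
                for link in row.items():      # analyse: new identifiers widen the search
                    if link[0] in IDENTIFIERS and link not in seen:
                        seen.add(link)
                        queue.append(link)
    return found, audit
```

Starting from a birth number that only the CRM can search by, the loop reaches billing, helpdesk and archive through the customer ID, e-mail and contract ID it discovers along the way, and the `seen` set guarantees it terminates.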

View and search audit logs with a powerful Elasticsearch tool. Automated detection of suspicious access to sensitive data.
The access to GDPR Governor itself is audited.

GDPR Governor gathers data from various systems in a single configurable structured UI. Export in a machine-readable format (XML/JSON) is supported.

Stores and manages all customer GDPR consents including a complete history. Automated notification when a consent is about to expire. Triggers automated anonymization of data as soon as consent is expired or invalidated.

Anonymise extracted data, anonymise whole entities in systems together with consents, automated anonymization when consent is expired or invalidated. Automated anonymization is driven by business rules (e.g. customers can anonymize only certain data, data are automatically anonymized when there is no valid consent connected to data, etc.).

✔   30% implementation cost & time reduction
✔   Predefined templates for easier GDPR related data analysis
✔   Proven, centralized, audited solution
✔   Unified view on customer’s sensitive data as additional business value
