The deadline for GDPR is fast approaching and we expect that compliance efforts are well underway for most companies. If you aren’t sure if GDPR applies to you, here’s a quick summary:
GDPR applies to any company with the following characteristics:
- A presence (physical or electronic) in an EU country
- No presence in the European Union but processes personal data of European residents
- More than 250 employees
- Fewer than 250 employees, but with data processing that impacts the rights and freedoms of data subjects, happens more than occasionally, or includes certain types of sensitive personal data
We are also busy finalizing preparations to make our SnapLogic systems and processes compliant, and we are on schedule to be certified soon. In addition to lessons learned along our journey, we thought we would highlight how our customers are using SnapLogic to assist with their GDPR compliance efforts. With that, here are four ways SnapLogic helps companies prepare for GDPR compliance:
Conduct an inventory
The starting point for any company is to conduct an inventory of the data they are currently collecting about their customers, especially EU citizens. The data can reside in many different places such as applications, databases/data warehouses/data lakes, devices, machines, and even on paper. The SnapLogic Enterprise Integration Cloud (EIC) has helped customers connect multiple endpoints, making it easier for them to conduct an inventory of their customer data and where it resides. Once an inventory has been completed, our customers typically score the data for privacy and security risk. Risk-scoring criteria can include factors such as volume of data, data proliferation, and data accessibility, as outlined in my earlier blog post “Five steps companies can take to prepare for the pending GDPR deadline.” The purpose of assigning a score is to help companies prioritize their GDPR compliance efforts.
Prepare to share (the information)
One GDPR compliance requirement is that companies be prepared to show what information is stored on each EU citizen. Our customers sort the data captured into two major categories:
- Information provided directly by the consumer on registration pages, such as by filling out a form, e.g., when opening an account or downloading a white paper.
- Information observed about a customer through online interactions, e.g., what companies like Amazon compile on a person via online purchases, geography, the time of day, total spend, browsing habits,
Respect the rights
The GDPR gives EU citizens several rights including the right of access, the right of erasure, and data portability. This means that a company has to take action, if requested by an EU citizen, to wipe out all instances of the data that is stored about him/her, correct the information about that citizen, and also provide that information in a portable format so the citizen can transfer it to another company.
An ounce of prevention is better than a cure
The GDPR requires that companies obtain consent to collect data, and that consent must be explicit both for the data collected and for the purposes for which it is used. Keep in mind that additional laws and guidelines around the data collected may vary with age (children under 13 have special guidelines), the country, and the state.
Our more proactive customers are taking measures to not only meet GDPR obligations but also reduce their risk in the event of a data breach, which is, unfortunately, becoming all too common. To reduce their risk, we’ve noticed customers proactively assessing whether they really need a person’s Personally Identifiable Information (PII). If the PII is not necessary, they use SnapLogic to help locate the source of the data and then to transform it with one of our many intelligent connectors, so the individual is not recognizable.
PwC, a SnapLogic customer and partner, has a helpful overview of the GDPR: “Pulse Survey: US Companies ramping up General Data Protection Regulation (GDPR) budgets.” It’s a great resource.