GDPR compliance

SecuPi’s patented software platform augments business applications with the capabilities for meeting GDPR requirements, including ‘Right to be forgotten’, ‘Data Minimization’, ‘Consent’ and ‘Records of Processing Activities’, without code changes and within days per application.

Capabilities

Comprehensive Audit
Full audit logs to cover all personal data processing and data access activities for ‘Records of Processing’ (Article 30)
Pseudonymization
SecuPi’s real-time redaction capabilities enable quick and simple data minimization and pseudonymization for users and processes
Consent Processing Controls
Using Dynamic Data Masking and redaction, SecuPi can disable access to data subjects where consent wasn’t given, or where the customer requested to opt-out.
Deletion/Erasure
SecuPi provides both logical and physical deletion and anonymization for the ‘Right to be Forgotten’ requirement (Article 17)
Data Protection
By design and by default, SecuPi protects data using enhanced visibility into any sensitive data flow and access
Breach Notification
Quickly know who accessed which data to comply with the personal data breach notification requirement

Detailed GDPR Coverage by Article

Article 7 - Conditions for Consent

To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 8 - Conditions Applicable to Child's Consent in Relation to Information Society Services

To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 9 - Processing of Special Categories of Personal Data

To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 10 - Processing of Personal Data Relating to Criminal Convictions and Offenses

To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 15 - Right of Access by the Data Subject

To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 17 - Right to Erasure (‘Right to be Forgotten’)

On the application level, SecuPi redacts information on customers who requested to be forgotten (referred to as “logical deletion”). On the database level, SecuPi applies Format Preserving Randomization (FPR) Anonymization, ensuring that the personal data is both anonymized and randomized on different databases, to prevent correlation of the same anonymized value between different data sets.

Article 18 - Right to Restriction of Processing

Using Dynamic Masking and redaction, SecuPi can disable access to data subjects where consent wasn’t given or where the customer requested to restrict processing of personal data.

Article 21 - Right to Object

To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data.
SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed.
Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 25 - Data Protection by Design and by Default

SecuPi protects all data deemed personal and private by the application owner, and can therefore immediately manage access privileges and flag anomalous behavior in data access or processing.
Through full audit, Data Protection by design and by default are enabled:
1. Data protection by design example – any access to personal data is logged and can never be deleted.
2. Data protection by default example – SecuPi can be configured to block all access to personal data unless specifically granted to users.

Article 30 - Records of Processing Activities

SecuPi’s audit logs are clear and factual and can show which processor accessed which data, as well as providing a full transcript of the processing activities done through the application. Since the SecuPi agent is deployed on the application server, it has access to all relevant information, including which user was used to process the information, timestamp, URI, etc. SecuPi makes it possible to map data flows and provides the ability to granularly audit and control them, to maintain access on a “need to know” basis and use data in line with its purpose.

Article 32 - Security of Processing

As described in previous articles, SecuPi’s audit logs, as well as its masking and tokenization capabilities, cover the security of processing through complete protection of personal data accessed through LoB applications and DBA/development tools. This covers the pseudonymization and encryption of personal data, as well as the ability to ensure the ongoing confidentiality and integrity of personal data. SecuPi combines personal data discovery, data-flow mapping and activity monitoring, allowing the data subject to know, upon request, where their data is being stored and how it is used within the organization.

Article 33 - Notification of a Personal Data Breach to the Supervisory Authority

In the unfortunate case of a breach, SecuPi’s audit logs and behavior analytics can pinpoint exactly which data was exposed and breached, and significantly shorten the reporting time, while providing accurate and accountable information.

Article 34 - Communication of a Personal Data Breach to the Data Subject

In the unfortunate case of a breach, SecuPi’s audit logs and behavior analytics can pinpoint exactly which data was exposed and breached, and significantly shorten the reporting time, while providing accurate and accountable information. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed.
Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).
