GDPR Compliance


SecuPi’s patented software platform augments business applications with the capabilities needed to meet GDPR requirements, including ‘Right to be forgotten’, ‘Data Minimization’, ‘Consent’ and ‘Records of Processing Activities’, without code changes and within days per application.

Comprehensive Audit

Full audit logs to cover all personal data processing and data access activities for ‘Records of Processing’ (Article 30)

Pseudonymization

SecuPi’s real-time redaction capabilities enable quick and simple data minimization and pseudonymization for users and processes

Consent Processing Controls

Using Dynamic Data Masking and redaction, SecuPi can disable access to data subjects where consent wasn’t given, or where the customer requested to opt-out.

Deletion/Erasure

SecuPi provides both logical and physical deletion and anonymization for the ‘Right to be Forgotten’ requirement (Article 17).

Data Protection

By design and by default, SecuPi protects data using enhanced visibility into any sensitive data flow and access

Breach Notification

Quickly know who accessed which data to comply with the personal data breach notification requirement

  • Single Platform

    ONE centralized solution for main GDPR articles as well as Insider-threat on all applications

  • Agile and Efficient

    Agile and efficient configurable platform to meet current & future regulatory and audit requirements

  • No Code Changes

    No source-code changes with fast & cost-efficient implementation

Detailed GDPR Coverage by Article

Article 7 – Conditions for Consent

Using Dynamic Data Masking and real-time redaction, SecuPi can disable access to data subjects where consent wasn’t given, or where the customer requested to opt-out.

Article 8 – Conditions Applicable to Child’s Consent in Relation to Information Society Services

Using Dynamic Data Masking and real-time redaction, SecuPi can disable access to data subjects where consent wasn’t given or where the customer requested to opt-out.

Article 9 – Processing of Special Categories of Personal Data

For the processing of special categories, SecuPi can assist with masking and redacting certain data elements, thus disabling any potential reference to these categories of personal data, such as racial or ethnic origin, political views, religion and such.

Article 10 – Processing of Personal Data Relating to Criminal Convictions and Offenses

SecuPi can segregate criminal conviction and offenses information through masking and redaction, to ensure it is not accessible

Article 15 – Right of Access by the Data Subject

SecuPi’s data analytics capability enables search across all in-scope systems and within records of transfers to support identification of data belonging to individuals. This ensures records of processing are accurate and dynamically updated. In combination, data discovery and data-flow mapping significantly improve the ability to respond promptly to data subject requests.

Article 17 – Right to Erasure (‘Right to be Forgotten’)

On the application level, SecuPi redacts information on customers who requested to be forgotten (referred to as “logical deletion”). On the database level, SecuPi applies Format Preserving Randomization (FPR) Anonymization, ensuring that the personal data is both anonymized and randomized on different databases, to prevent correlation of the same anonymized value between different data sets.

Article 18 – Right to Restriction of Processing

Using Dynamic Masking and redaction, SecuPi can disable access to data subjects where consent wasn’t given or where the customer requested to restrict processing of personal data.

Article 21 – Right to Object

To enforce the right to object, for any purpose, SecuPi can use any condition to stop application processes from processing data, including a parameter indicating that a data subject requested not to be processed, thus preventing any access to or manipulation of the subject’s data.
SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed.
Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).

Article 25 – Data Protection by Design and by Default

SecuPi protects all data deemed personal and private by the application owner, and so can immediately manage access privileges and flag anomalous behavior in data access or processing.
Through full audit, Data Protection by design and by default are enabled:
1. Data protection by design example – any access to personal data is logged and can never be deleted.
2. Data protection by default example – SecuPi can be configured to block all access to personal data unless specifically granted to users.

Article 30 – Records of Processing Activities

SecuPi’s audit logs are clear and factual and can show which processor accessed which data, as well as providing a full transcript of the processing activities done through the application. Since the SecuPi agent is deployed on the application server, it has access to all relevant information, including which user was used to process the information, timestamp, URI, etc. SecuPi makes it possible to map data flows and to audit and control them granularly, to maintain access on a “need to know” basis and use data in line with its purpose.

Article 32 – Security of Processing

As described in previous articles, SecuPi’s audit logs, as well as its masking and tokenization capabilities, cover the security of processing through complete protection of personal data accessed through LoB applications and DBA/development tools. This covers the pseudonymization and encryption of personal data, as well as the ability to ensure the ongoing confidentiality and integrity of personal data. SecuPi combines personal data discovery, data-flow mapping and activity monitoring, allowing data subjects to know, upon request, where their data is being stored and how it is used within the organization.

Article 33 – Notification of a Personal Data Breach to the Supervisory Authority

In the unfortunate case of a breach, SecuPi’s audit logs and behavior analytics can pinpoint exactly which data was exposed and breached, and significantly shorten the reporting time, while providing accurate and accountable information.

Article 34 – Communication of a Personal Data Breach to the Data Subject

In the unfortunate case of a breach, SecuPi’s audit logs and behavior analytics can pinpoint exactly which data was exposed and breached, and significantly shorten the reporting time, while providing accurate and accountable information.

The SecuPi platform enables full control over Data Access Governance, allowing organizations to centrally determine who can see which data to ensure data minimization requirements are being met. The platform makes it possible to embed pseudonymization, anonymization and data security with little to no effort. SecuPi’s Data Access Governance capabilities are aligned with GDPR requirements as they can disable access to data subjects where consent wasn’t given or documented properly. When handling data access, SecuPi doesn’t touch or change any actual data, only its presentation, ensuring that the data remains accurate and unmanipulated.
