Data Privacy Solutions
As more and more social and economic activities take place online, the importance of personal data privacy and data protection is increasingly recognised.
Data protection and privacy are taken very seriously worldwide. Around 80% of countries already have some form of legislation to protect the PII of individuals. The General Data Protection Regulation (GDPR) is the European legislation for data privacy, while Kişisel Verilerin Korunması Kanunu (KVKK) is its equivalent in Türkiye. These are just two examples of such legislation; there are many others around the globe.
Of equal concern is the collection, use and sharing of personal information with third parties without the notice or consent of the individuals concerned, including citizens, consumers, employees, partners…
Our approach is simple yet effective:
- Scope your Legitimate Purposes for PII collection and processing
- Enforce Compliance with multiple global data protection regulations
- Strongly Protect All Personal Data from breaches and unauthorised access
- Fulfill Data Subject Rights in near real time
We provide technical solutions that cover global compliance requirements, from data discovery to the rightful removal or obfuscation of personal data on structured, semi-structured and unstructured IT systems.
Our solutions mainly cover the following privacy legislation requirements:
We have tools to discover data on structured, semi-structured and unstructured domains. Any database that supports a JDBC connection, whether tabular or NoSQL, can be accessed for data discovery. Automated discovery results are analysed and verified by our expert consultants for further action.
PII Retention Management
Retention management is another key requirement of privacy laws and regulations. After the discovery results have been verified, we can update the data in production environments based on the business rules defined by the regulation departments or authorised legal partners of our customers.
There are many out-of-the-box data update techniques, such as masking, deletion, encryption, shuffling and skewing. Customisations can also be implemented when the out-of-the-box functionality does not cover the specific requirements of our customers.
We have custom solutions for specific applications. SAP, for example, requires special treatment. We use ABAP for data updates on SAP modules, as database-level updates are not allowed in SAP environments.
Special Treatment of Sensitive Personal Data
Although the list of sensitive data types may vary, GDPR considers the following personal data to be ‘sensitive’ and subject to specific processing conditions:
- Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs
- Trade-union membership
- Genetic data, biometric data processed solely to identify a human being
- Health-related data
- Data concerning a person’s sex life or sexual orientation.
We have tools to discover and protect sensitive personal data on IT systems. Such data is protected by encryption with proven technology.
Subject Requests Management
GDPR assures data subjects of the protection and privacy of their personal data. It grants certain rights that a data subject can exercise, and requests that a data subject can make, as a customer, as an employee, or as personnel of a supplier. These are mainly:
- Right to information
- Right to access
- Right to rectification
- Right to withdraw consent
- Right to object
- Right to object to automated processing
- Right to be forgotten
- Right to data portability
Our tools help our customers respond to the appropriate subject requests in a timely manner.
GDPR ROPA (KVKK Verbis) Management
Each controller and, where applicable, the controller’s representative, is required to maintain records of the processing activities under their responsibility. These records should mainly contain the data types, purpose of processing, retention period etc. The full list of requirements is set out and kept up to date in the relevant legislation.
We provide a platform where these records can be created and updated by the DPO or whoever is in charge in an organisation. The platform provides the means to keep older versions, run workflows for approvals and audit user activities.
Consent and Privacy Notice Management
Our consent management platform is a software solution that helps you collect and manage consents in line with data protection legislation.
It also allows you to centrally manage notices and propagate them to all consent collection channels.
Our Content Management platform integrates your front-end consent collection channels (corporate website and portals, mobile applications, marketing platforms etc.) and acts as a central repository for consents.
The same platform can be used for privacy notice documents. End users can maintain different Word documents for different channels and check them in to our platform for version management, workflows and approval mechanisms.
All activities, such as consent, withdrawal, approvals etc., are logged and can be audited historically.
Our technology stack comprises the following OpenText solutions. Each one covers specific areas of compliance requirements. They are fully modular: each module can be implemented independently, while the whole suite can be integrated with each other and with the customer's IT systems to address a broader compliance space.
- File Analysis Suite
- Structured Data Manager
- Content Manager