The EU General Data Protection Regulation (GDPR) is coming into effect in May 2018. Any organisation in possession of EU citizens’ personal data must comply.
Consented usage of EU citizens’ personal data is central to the regulation. As this is a new requirement, consent hasn’t been collected for all personal data types, may be inconsistent across data types and systems, may not have time stamps, or may not exist at all. In addition, a 72-hour data breach notification rule requires a near real-time reporting capability built on a highly secure data management system to demonstrate compliance at the request of the regulator and EU citizens.
When considering Article 6, “Lawfulness of processing” (https://www.privacy-regulation.eu/en/), organisations must be able to prove that they had consent to process the personal data. This necessitates a comprehensive audit of personal data consent status.
According to the Information Commissioner’s Office in the UK (www.ico.org.uk), “Consent must be freely given, specific, informed and unambiguous. There must be a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. It must also be separate from other terms and conditions, and you will need to have simple ways for people to withdraw consent.”
Jurisdictional restrictions on accessing, processing, archiving, and transferring data require appropriate policies to be implemented at the database level.
MarkLogic Consulting has developed a service specifically designed to put you on the right path to GDPR compliance. Our offering utilises the operational and transactional MarkLogic® database to build a GDPR consent dashboard.
Download this guide to find out more.