If you pseudonymize the gdpr sensitive data in your SAP production systems it reduces the risk of GDPR fines and individual claims because in the event of a data breach, it is much less likely that pseudonymous data will cause harm to the affected individuals.
Art. 15 “Right of access by the data subject” - The data subject shall have the right to obtain from the controller confirmation as to whether or not gdpr personal data concerning him or her are being processed, and, if that is the case, access to the gdpr personal data plus other details. There are other examples too.
Sophia software provides discovery analytics that helps with the first step of implementing the GDPR compliance process by reporting on what personal data is in your landscape and where it is stored.
This new Data Privacy Framework replaces the EU Safe Harbor program but did not however embed protections against US law and policy on government surveillance. However, the GDPR and Privacy Shield and are now fully confirmed and enacted, transferring data across the Atlantic is still a challenging and complex legal procedure.
What is a data processing inventory?
A data processing inventory reflects how the business processes data and starts with listing the processing activities and their purpose. A data processing inventory is aligned with how the business works, making it is easy for the business to engage.
The GDPR creates an opportunity for organizations to limit their data inventory. Organizations need an inventory of their data processing operations, instead of all their data holdings and detailed inventory.
What is a data registry?
In this workshop, Natuvion walks you not only through the requirements of creating a data registry for your company but in doing so also helps you find a way to comply with other GDPR articles. This includes an analyzation of the different basis of processing and grounds for deletion including many others that build the necessary information needed for a data registry.
Cross-border data transfers.
The GDPR allows for data transfers to countries whose legal regime is deemed by the European Commission to provide for an “adequate” level of personal data protection. In the absence of an adequacy decision, however, transfers are also allowed outside non-EU states under certain circumstances, such as by use of standard contractual clauses or binding corporate rules GDPR (BCRs).