SAP Gold Partner

Preparing for the General Data Protection Regulation | Why should a company act now and not wait?


Preparing for the General Data Protection Regulation: A 'Wait and See' approach is going to be pricey for US organizations doing business with the EU.

GDPR | Are there GDPR solutions and templates for Article 30 (records of processing activities)?


What is a data processing inventory?

A data processing inventory reflects how the business processes data and starts with listing the processing activities and their purpose. Because it is aligned with how the business works, it is easy for the business to engage with.

The GDPR creates an opportunity for organizations to limit their data inventory. Organizations need an inventory of their data processing operations, rather than a detailed inventory of all their data holdings.

Is GDPR consent required for the use of anonymous data?


The GDPR sets very particular rules on consent. With the new regulation coming in May 2018, companies need to be prepared for new GDPR consent mechanisms for their SAP test and QA systems. Anonymizing data in these systems makes GDPR consent no longer mandatory. Natuvion's TDA tool offers a safe way to anonymize data so that it can be safely and rightfully used while expediting the process to full compliance and without the risk of facing GDPR fines.

What is a Data Protection Impact Assessment (DPIA)?


With the new regulations taking effect in May, the GDPR requires a Data Protection Impact Assessment (DPIA). A data protection impact assessment helps identify the risks of handling personal data and provides a structured process for your company. The assessment increases transparency and brings structure to unknown processes that involve personal data, which reduces the risk of non-compliance with the GDPR.

Is there a document available online which lists everything that is considered GDPR personal data?

In the General Data Protection Regulation, the personal data definition is formulated very generally. Below, we list some examples. However, given the breadth of the regulation, it is not easy to list all the types of data that are considered personal.

The GDPR applies to any kind of data concerning a determinate or determinable individual. Below we list some examples we see at our customers, but there are more:

 

  1. Personal employee data (name, address, date of birth, etc.)
  2. Information about customers, patients, clients (marketing databases, medical records, contact lists, any contact information)
  3. Data transferred to third parties (accounting books, credit registers, direct marketing)
  4. Non-public personal data of business partners and providers
  5. IP (Internet Protocol) addresses
  6. Cookie identifiers, or others such as Radio Frequency Identification (RFID) tags
  7. Camera records
  8. Iris scan
  9. User ID and passwords - access registration
  10. Smart meter data
  11. Biometric data
  12. Health data
  13. Membership of a labor organization

What is an SAP Gold Partner, and why is this important for the GDPR?


Natuvion is an SAP Gold Partner.

Do we need data privacy consent from individuals to use real data in secondary systems?


The best way to eliminate your risk is to anonymize the data in secondary systems. Anonymizing the data removes the need for data privacy consent and (with proof) removes the systems from GDPR compliance processing, while still providing the data for analysis or testing.