The General Data Protection Regulation or GDPR is a new regulation that aims to protect all EU citizens from privacy and data breaches, replacing the directive that was established in 1995. The enforcement date for this new regulation is 25 May 2018.
GDPR aims to protect several types of personal information, such as basic identity information (name, address); web data (IP, location); health and genetic data; etc. It gives people the right to be completely forgotten by companies if they wish.
The regulation will be applied to all companies processing personal information of people residing in the EU, regardless of the company’s location, and it’s important to stress that organisations in non-compliance will face hefty fines.
So, this new regulation is right around the corner and companies should already have started figuring out what they will do to follow it when storing and processing data from any EU citizen. Read on to see how to comply with GDPR using Pentaho.
Why use Pentaho for GDPR?
To get everything ready for GDPR, you might want (or need) to create a database to keep track of several things that will help you inform individuals about the personal data that you are storing and using, and Pentaho Data Integration (PDI) might make this easier for you.
Here are some things you can do:
1. Personal Data Changes
You can store information about any new personal data entering your company. This will help you inform your leads about the collected data and obtain their consent for processing it faster. To do so, you can use PDI to create a Job (or several Jobs) that will automatically read the new information that is being stored in the tables from your data sources and make it available in your GDPR database, allowing you easier access to data changes.
2. Data Usability
Ideally, you need to store information based on the type of use you can make of the personal information you have, because individuals can request that you do not use it for specific purposes, like Marketing, for example. So, using PDI, you can create:
- A process to read from the data sources the type of consent that every person gave and store it, allowing you to quickly know if you have permission to keep the data and for what goals you can use it.
- A process that will check any new data you have and validate it using the type of use you can make, analysing whether you should have it or not. It can, for example, send you an email with this type of information.
3. Individual Notification
If you store the data described in points one and two, you can create a PDI process that checks each piece of personal data you hold and whether there is any use you are permitted to make of it. If there is none, then there is no point in keeping it.
So, this process can be configured to send you an email with the list of individuals that haven’t given their consent for you to keep their data. It can also store that information in a file along with the person’s contact information (in the event that you have this as well), allowing you to contact them easily.
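The checks described in points two and three, as an added example that is not Pentaho code and not part of the original article: a small consent table is queried for the purposes each person currently allows and for the people with no remaining consent. The schema, table and column names, and all rows are assumptions constructed for illustration; the SQL is the kind of query a PDI input step could run against a GDPR database.

```python
import sqlite3

# Hypothetical schema for the GDPR tracking database; every table name,
# column name and row below is constructed for illustration.
SCHEMA = """
CREATE TABLE person  (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
CREATE TABLE consent (person_id INTEGER, purpose TEXT, granted INTEGER,
                      recorded_at TEXT);
"""
PEOPLE = [(1, "Ana", "ana@example.com"), (2, "Ben", "ben@example.com"),
          (3, "Cy", None)]  # Cy has no contact information on file
CONSENTS = [  # a later row for the same person and purpose supersedes earlier
    (1, "marketing", 1, "2018-01-10"), (1, "marketing", 0, "2018-03-02"),
    (1, "billing", 1, "2018-01-10"),
    (2, "marketing", 1, "2018-02-01"), (2, "marketing", 0, "2018-04-15"),
]

# Latest decision per (person, purpose), so a withdrawal overrides a grant.
LATEST = """
SELECT c.person_id, c.purpose, c.granted FROM consent c
WHERE c.recorded_at = (SELECT MAX(recorded_at) FROM consent
                       WHERE person_id = c.person_id AND purpose = c.purpose)
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO person VALUES (?,?,?)", PEOPLE)
    db.executemany("INSERT INTO consent VALUES (?,?,?,?)", CONSENTS)
    return db

def permitted_purposes(db, person_id):
    """Purposes this person's data may currently be used for."""
    rows = db.execute(f"SELECT purpose FROM ({LATEST}) WHERE person_id = ? "
                      "AND granted = 1 ORDER BY purpose", (person_id,))
    return [r[0] for r in rows]

def without_consent(db):
    """People with no currently granted purpose: (id, name, email or None)."""
    return db.execute(f"""
        SELECT p.id, p.name, p.email FROM person p
        WHERE NOT EXISTS (SELECT 1 FROM ({LATEST}) l
                          WHERE l.person_id = p.id AND l.granted = 1)
        ORDER BY p.id""").fetchall()

if __name__ == "__main__":
    db = build_db()
    print(permitted_purposes(db, 1), without_consent(db))
```

People who never gave any consent and people who withdrew every consent both appear in the second list, which is the list the notification email or file would carry.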
These are just some simple cases of processes that can be implemented with Pentaho to help you comply with GDPR and clearly see if there is any problem or downside in keeping the data you have stored or collected. This will help your company avoid legal consequences and, at the same time, help your customers feel safer, which helps to maintain trust in your company.