Control where your data is and how it’s stored, shared and accessed.
The General Data Protection Regulation (GDPR) is law and is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.
Rinodrive gives each customer an encrypted data management and machine learning platform that revolutionises how organisations manage, prepare, secure and harness data and content from any source and in any format.
Easily search and catalogue private data.
Content and data can be tagged and commented upon, with deep search algorithms that build and extract a profile of all private information held on relevant subjects.
Synced desktop apps allow data to be collected and centralised across departments when a consumer exercises the right to see what information is being held about them.
Automatic algorithms can be run to screen out irrelevant or inappropriate data, and other personal data belonging to subjects who have not consented to having their information revealed.
A firm foundation for ongoing GDPR compliance.
Empowers administrators to see when files are accessed, with evidence, helping to report any breaches within the 72-hour GDPR notification window.
Software, security, servers and storage are constantly updated to support GDPR and other relevant laws and regulations.
Easy on-boarding, fast deployment, intuitive: Be up and running and building a foundation for ongoing compliance in hours instead of months.
Catalogue personal information stored anywhere to make it easy to locate and process specific data if requested by an EU resident.
Know what personal data you have, where it’s located, and who has access. Ensure its security with persistent encryption.
Keep sensitive data in the EU, secured in the EU and backed up in the EU without limiting appropriate access from anywhere in the world.
The General Data Protection Regulation (GDPR) becomes law in May 2018 and is designed to harmonise data privacy laws across Europe and to provide a data protection framework for the protection of personal data. The GDPR allows individuals to bring private claims against data processors and data controllers that are not compliant with the Regulation. Organisations that are not compliant can be fined the greater of up to 4% of annual global turnover or €20m.
The GDPR applies to all organisations processing personal data of European citizens. The GDPR applies to all personal data that is collected in the EU, regardless of where in the world it is processed. Any database containing personal or sensitive data collected within the EU will be in scope, as will any media containing personal or sensitive data. Any organisation that has such data in its systems, regardless of business size or sector, will have to comply with the GDPR.
Personal data is any information relating to an identified or identifiable ‘natural person’ (a “Data Subject”). It can include information such as a name, a photo, an email address (personal and work), bank details, posts on social networking websites, medical information or even an IP address. The definition of ‘personal data’ is the same in all Member States. The provisions of the GDPR are generally consistent across all Member States. As a general rule, any information that can be used to identify an individual – either on its own or when combined with another piece of information – is classified as personal data. This can include biometric, genetic and location data.
The point of the GDPR is to standardise data protection regimes across the EU. And it is an EU regulation. EU regulations have direct effect in all EU Member States, so the definition of ‘personal data’ is consistent across all Member States.
Any processing of personal data within the jurisdiction is within the remit of the GDPR. In that respect, all organisations (B2C, B2B, charities, sporting bodies, political parties) will have the same obligations to fulfil under the legislation.
Personal identifiers (PIDs) are a subset of personal data. They identify a unique individual and can permit another person to assume that individual’s identity without their knowledge or consent. This can occur when PID data elements are used either alone, combined with a person’s name, combined with other PID data elements, or combined with other personal data. Personal identifiers include, for instance, account numbers, PINs, passwords, voice scans and credit card numbers.
Health information is treated as sensitive data under the GDPR. Organisations processing health data must have a lawful ground to do so, which is most likely to be the explicit consent of the data subject.
The GDPR applies irrespective of sector or activity. As long as personal data is being processed, and the processor/controller is established in the EU or the processing affects EU data subjects, the GDPR applies.
If the remote person would be able to identify a natural person, write down what they read, photograph it or share it with someone, then it’s within the scope of the GDPR. If the remote access involves processing the personal data, then it’s within the scope of the GDPR. The definition of processing is very broad and includes any operation performed on personal data, such as collecting, storing, using, retrieving, transmitting or deleting it. The support organisation will be subject to the GDPR.
Encryption is a very important security tool for minimising exposure under the GDPR. Article 32(1)(a) sanctions it as an appropriate security technique and, if done properly, it will significantly minimise the risks and exposure to an organisation in the event of a security breach. DPOs/admins should review their encrypted data and assess the reasonable likelihood of that data being decrypted, taking into account future technologies.
Personal data is personal data, wherever it’s held. If a mobile device that contains personal data is breached while travelling, it is as much a data breach under the GDPR as one affecting a database within the EU.