What is GDPR?
The General Data Protection Regulation (GDPR) is law and is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.
Infringement Claims
The GDPR makes it considerably easier for citizens to bring claims against companies when data privacy is infringed.
Fines
If organisations fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.
It is the Law
The regulations are law and apply to all organisations – businesses, public bodies, charities, sporting organisations.
Dedicated, private, secure sharing, storage and collaboration for data to help meet GDPR regulatory responsibilities.
What is Rinodrive?
Rinodrive gives each customer an encrypted data management and machine learning platform that revolutionises how organisations manage, prepare, secure and harness data and content from any source and in any format.
Privacy by Design
Provide the Regulatory and Legal Authorities and customers with insight into how customer data is managed and privacy rights respected.
Build and Catalogue
Give appropriate users access to relevant data regardless of format and catalogue it to help better understand and protect that data.
Secure by Design
Decide and assign security for specific content with access or sharing rights to help prevent breaches, malicious intent and human error.
Audit Trail
Maintain oversight with an evidence-based, comprehensive, timestamped audit trail of all file, folder and user activities.
Proactive Governance
Find, organise and secure data/content of customers and employees – wherever stored and whatever formats it’s stored in.
Secure Sharing
Share in a secure and compliant way across the organisation for better collaboration without sacrificing security or control.
Secured by design, private by design. Designed with governance in mind.
Comprehensive Data Security
Secured with encryption protocols, password protection, two-factor authentication and identity management.
Ransomware Protection
Ransomware protection and malicious attack mitigation help manage risks associated with the processing of sensitive data.
Encryption and security without sacrificing the ability to use data and do business.
Search and Catalogue
Easily search and catalogue private data.
Tagging
Content and data can be tagged and commented upon, with deep searching algorithms that build and extract a profile of all private information held on relevant subjects.
Syncing
Synced desktop apps allow data to be collected and centralised across departments where a consumer exercises the right to see what information is being held.
Screening
Automatic algorithms can be run to screen out non-relevant or inappropriate data and other personal data from subjects that have not consented to have information revealed.
GDPR Ready
A firm foundation for ongoing GDPR compliance.
Empowering DPOs
Empowers administrators to see when files are accessed, with evidence, helping report any breaches within the 72-hour GDPR notification period.
Continuous Enhancements
Software, security, servers and storage are constantly updated to support GDPR and other relevant laws and regulations.
Dedicated Platform
Easy on-boarding, fast deployment, intuitive: Be up and running and building a foundation for ongoing compliance in hours instead of months.
Right to be Forgotten
Catalogue personal information stored anywhere to make it easy to locate and process specific data if requested by an EU resident.
Centralised Control
Know what personal data you have, where it’s located, and who has access. Ensure its security with persistent encryption.
Data Residency
Keep sensitive data in the EU, secured in the EU and backed up in the EU without limiting appropriate access from anywhere in the world.
GDPR – FAQs
The General Data Protection Regulation (GDPR) becomes law in May 2018 and is designed to harmonise data privacy laws across Europe and to provide a data protection framework for the protection of personal data. The GDPR allows individuals to bring private claims against data processors and data controllers that are not compliant with the Regulation. Organisations that are not compliant can be fined the greater of up to 4% of annual global turnover or €20m.
The GDPR applies to all organisations processing personal data of European citizens. The GDPR applies to all personal data that is collected in the EU, regardless of where in the world it is processed. Any database containing personal or sensitive data collected within the EU will be in scope, as will any media containing personal or sensitive data. Any organisation that has such data in its systems, regardless of business size or sector, will have to comply with the GDPR.
Personal data is any information relating to an identified or identifiable ‘natural person’ (a “Data Subject”). It can include information such as a name, a photo, an email address (personal and work), bank details, posts on social networking websites, medical information or even an IP address. The definition of ‘personal data’ is the same in all Member States. The provisions of the GDPR are generally consistent across all Member States. As a general rule, any information that can be used to identify an individual – either on its own or when combined with another piece of information – is classified as personal data. This can include biometric, genetic and location data.
The point of the GDPR is to standardise data protection regimes across the EU. And it is an EU regulation. EU regulations have direct effect in all EU Member States, so the definition of ‘personal data’ is consistent across all Member States.
Any processing of personal data within the jurisdiction is within the remit of the GDPR. In that respect, all organisations B2C, B2B, charities, sporting bodies, political parties will have the same obligations to fulfil under the legislation.
Personal identifiers (PIDs) are a subset of personal data. They identify a unique individual and can permit another person to assume that individual’s identity without their knowledge or consent. This can occur when PID data elements are used either alone, combined with a person’s name, combined with other PID data elements, or combined with other personal data. Personal identifiers include, for instance, account numbers, PINs, passwords, voice scans and credit card numbers.
Health information is treated as sensitive data under the GDPR. Organisations processing health data must have a lawful ground to do so, which is most likely to be the explicit consent of the data subject.
The GDPR applies irrespective of sector or activity. As long as personal data is being processed, and the processor/controller is established in the EU or the processing affects EU data subjects, the GDPR applies.
If the remote person would be able to identify a natural person, write down what they read, photograph it or share it with someone, then it’s within the scope of the GDPR. If the remote access involves processing the personal data then it’s within the scope of the GDPR. The definition of processing is very broad and includes any operation performed on personal data such as collecting, storing, using, retrieving and transmitting or deleting it. The support organisation will be subject to the GDPR.
Encryption is a very important security tool for minimising exposure under GDPR. Article 32(1)(a) sanctions it as an appropriate security technique and, if done properly, it will significantly minimise the risks and exposure to an organisation in the event of a security breach. DPOs/admins should review their encrypted data and assess the reasonable likelihood of that data being decrypted, taking into account future technologies.
Personal data is personal data, wherever it’s held. If a mobile device that contains personal data is breached while travelling, it is as much a data breach under the GDPR as one affecting a database within the EU.