The Road to GDPR for Comintelli
What is GDPR?
Comintelli hosts the intelligence2day® Cloud Platform within the European Union and will need to comply with the European Union’s General Data Protection Regulation (GDPR), which will apply from 25 May 2018.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
What does Comintelli need to comply with?
Three of the most important things that regulators require when interacting with organizations around personal data and GDPR are:
- Data Breach – In the case of a Data Breach where personal data is involved, both the regulatory body and the impacted individuals must be informed in as timely a manner as possible, preferably within 72 hours of the breach being discovered. The Data Protection Officer must have a “map” to guide their team and enable IT to rapidly track down which systems, databases or computers were exposed to hackers.
- The Right to be Forgotten – European citizens who desire to be removed from an organization’s data stores (“right to be forgotten”) must have their data eliminated. When an EU citizen invokes their “right to be forgotten” from your organization’s data stores, action needs to be taken.
- The Privacy Impact Assessment – The levels of risk involved must be understood through a Privacy Impact Assessment (“PIA”), in which the level of risk, broken down by asset, is examined. Regulators expect organizations that manage personal data to know and be able to communicate where personal data is present in IT systems and to have conducted a PIA which ranks personal data risk exposure by system.
What is Comintelli doing to comply with GDPR?
GDPR compliance is impossible without Data Management and Data Governance. Each of the requirements above needs data management before even the first steps towards satisfying it can be taken.
Comintelli is continuously working to map out where all data resides, including personal data.
To store its data, Comintelli uses services from the world leaders in cloud computing:
- Rackspace for Intelligence2day® application hosting
- Google for internal data storage and processing.
These companies have announced that they will fulfill their legal requirements under the GDPR.
The Intelligence2day® software platform is being assessed for compliance readiness against the GDPR. This will generate an action plan addressing any potential gaps in compliance. This might result in functionality being both added and removed in order to comply with the regulation.
Comintelli expects to be completely GDPR compliant before the regulation is applied on 25th May 2018.