GDPR becomes a reality on 25 May this year. Are you prepared?
Oracle GDPR can feel like a big headache, but we’ve developed three key areas to simplify the process.
It’s not too late to get ready but time is running out. GDPR compliance is a complex and time-consuming task – you need to assess where you’re affected and what you need to do in order to be compliant.
The new data laws put a number of responsibilities onto organisations who hold information on private individuals. These include ensuring personal data is secure, timescales for alerting the authorities about breaches, as well as responding to requests from individuals to see their data and delete it upon request.
Working out the legalities of your organisation’s data management is one thing. You also need to be able to do the practical stuff, such as working out what data you hold, how to report on it and how to delete it if needed.
The good news is that Oracle applications are designed from the ground up to support the handling, security and integrity of data. In fact, we’d say you’re already 90 per cent of the way there as far as GDPR goes if you’re running Oracle.
However, getting to 100 per cent GDPR compliance is both difficult and time consuming, which is the last thing you need when time is short. That’s why Claremont has extended their services to help you have confidence in your data, which comes in three parts:
1.System Health Check
In order for you to make informed decisions about what GDPR means for your organisation from a legal standpoint, you need to understand the data you already hold and the way your systems interact with that data.
Claremont’s System Health Check helps you determine whether your system applications are working appropriately to manage GDPR compliancy.
We analyse the security of the information you store and check the data flow between systems, ensuring organisation-wide integrity of personal records. The System Health Check is tailored to your specific requirements to include, for example, checking for data ambiguity, integration issues and levels of data security.
Timescale for the health check: measured in days and dependent on depth and complexity of requirement
2.GDPR Data Discovery Reports
Claremont’s data discovery uses custom logic to interrogate your back office applications database, surfacing all personal data we believe is related to GDPR. You can then restrict or search data with the use of parameters to provide two types of reports:
- An administrative report showing a list of personal data records.
- A personalised per person report, containing all information held for an individual data subject.
These two reports unlock personal data from your system, giving you the visibility you need in order to decide what needs to be done to make your organisation GDPR compliant.
Our GDPR Data Discovery Reports also help to automate the process of ongoing compliance. Reports can be scheduled to run automatically against different parameters, to suit your particular needs. For example, you may want to surface any information that hasn’t changed for a specified number of years.
The second type of report, containing all personal data held for an individual data subject, is ideal for servicing requests by individuals for the data your organisation holds on them.
We can shape the delivery of reports to suit your organisation, as emails to flag up issues that need action or as a dashboard.
Timescale to set up reporting: days
3.Advanced Data Deletion and Masking
Compliance with GDPR requires you to be able to remove data from your systems, not least because of the ‘Right to be forgotten’ part of the directive.
However, deleting data from complex systems is not a straightforward task. In some systems it may be impossible to delete information without compromising data elsewhere.
Claremont has experience in helping organisations remove or, where that is impossible, mask data in order to make it meaningless. Our methodology enables us to create a custom solution for you to safely delete or mask data as part of your initial or ongoing GDPR compliance work.
Timescale to implement custom solution: days to weeks dependent on requirement and data complexity
To learn more about how Claremont can help you process your data in time for GDPR, get in touch.
Angel Trains is one of Britain's leading train leasing companies and has been an owner and lessor of rolling stock since 1994. The company leases to 18 franchised operators and two open access operators in the UK. Claremont’s proactive and personal approach helped...
PPL is a UK-based, music licensing company which licenses recorded music for broadcast, online and public performance use, on behalf of thousands of record companies and performers worldwide. Background PPL implemented Oracle E-Business Suite in 2006. As a major...