The General Data Protection Regulation (GDPR) is a regulation of the EU, which is now implemented in national regulations. It requires organizations to more carefully deal with personal data of individuals by documenting all processes and datasets comprising personal data and providing standards for dealing with personal data, such as deletions on user request.
As divers as personal data is as divers will it be to comply with the GDPR regulation. While it is certainly possible to document the current state of personal data handling in an organization at a certain point-in-time, keeping this inventory-up-to-date is incredibly more difficult and cumbersome. If we want to continue to exploit the benefits of digitization and keep organizations flexible and agile, GDPR implementations need to be minimally invasive and seamlessly evolve as an organizations business changes.
Semantic technologies allow exactly that: We can describe and link the data assets in an enterprise in a flexible and extensible way. eccenca’s Corporate Memory dataset registry, for example, allows to describe, register and quickly identify specific personal data within the enterprise. With Corporate Memory’s active learning of dataset links, data pertaining to the same individual can be discovered, even when they were not connected previously. With Corporate Memory SYNC changes in personal data (e.g. deletions requested by a citizen) can be synchronized within and beyond an organization.
As a result, a GDPR implementation based on semantic technologies will be minimally invasive wrt. to existing workflows, systems and processes while at the same time ensuring the flexibility and agility of the organization is not hampered.
Lear more about eccenca’s GDPR solution.