With the General Data Protection Regulation's implementation date just a year away, businesses will be looking for ways to ensure they don't get slammed by massive financial penalties stemming from non-compliance.
A slew of new and established companies are jumping into the fold by offering new tech solutions for GDPR compliance. With so many new privacy tech products hitting the market, we put together a Privacy Tech Vendor Report to help IAPP members see what solutions are out there.
One such start-up, Integris, came out of the shadows to launch their new product during the IAPP Global Privacy Summit 2017 last month. Attendees got a chance to view a demo of the new product on the exhibit floor, and Integris hosted a session on how organizations are preparing for the GDPR.
At the event, Privacy Tech caught up with Integris CEO and Co-founder Kristina Bergman, who emphasized that her firm aims to fill a big need for large enterprises, not only by offering GDPR-compliance solutions, but also by empowering chief privacy officers to do more than sit in a position where they only say no.
She explained Integris' software works as a policy engine, applying a company's privacy policies to individuals' data. The tool will not be offering legal recommendations, however, but will rather map out all of the data an organization possesses, whether it's located in a database or in the cloud.
"Based on the metadata structures and sampling the data, we can say that this looks like race, this looks like Social Security numbers, this looks like device ID, this looks like phone number," said Bergman. "We tag that data and create a map of what the PI elements are within your organization, and then serve that up in the form of risk calculations within your PI dashboard."
The user interface consists of a PI dashboard allowing an organization to monitor data throughout its lifecycle. As an organization is collecting, storing, processing, and retaining data, the software is analyzing the risk exposure at each stage based on the company's existing privacy policies. The dashboard also analyzes an organization's overall risk and the risk they face in the event of a data breach.
Creating those risk scores was one of the biggest challenges facing Integris as they worked to launch their software, Bergman explained. Data comes from many different sources within an organization, and while some have newer systems such as Hadoop, or the cloud, many have their data stored in legacy systems. Integris was able to connect all of the disparate systems in a unified way to produce the information an organization needs to properly service their clients.
Bergman said Integris Software is "multitenanted," meaning each relevant department or acquired company can have their own view. Importantly, this also provides chief privacy officers with a global view of the organization's data. Once the data is mapped and the dashboard is filled, companies can begin to work to ensure they are GDPR-compliant.
"Say a data subject requests that they 'want to be forgotten,' you can search for that person’s record within your system," said Bergman. "You get a report back in your dashboard that shows you all the systems where that person’s data exists and what PI elements are associated with it, so you can then take action on it and contact the system owners and say we need to remove this person’s data. If not, we need to attach legal justification for why we didn’t."
When the software finishes mapping the data, organizations can search for those PI elements based on any unique information, including user names, telephone numbers, or email addresses. Bergman explained that data mapping previously consisted of work done by consultants, but a key issue with this process continued to surface: Once the initial mapping had been finished, it would immediately become obsolete as new data came into the system.
Bergman said Integris is aiming to fix this key problem by allowing the data map to exist in perpetuity while maintaining its relevancy and accuracy.
One large goal Integris is hoping to achieve, Bergman said, is to boost the role of the chief privacy officer. With the software helping to map out an organization's data assets, a company can use data it knows is low risk as a resource to boost its business, giving CPOs a much more attractive role within a company.
"We are hoping to make the office of the chief privacy officer a business enabler, not someone who just says no," said Bergman.
Spinning the role of the chief privacy officer coincides with the overall mindset Integris hopes to convey as its product continues to evolve, Bergman said. As GDPR preparation begins to accelerate, Integris hopes its software is a tool organizations can implement to make privacy compliance less of a looming threat.
"It’s been wonderful to see the focus that large enterprises have put on privacy because of the GDPR. It’s something that I think is important to everyone on a visceral level," said Bergman. "It’s put a wonderful focus on how important privacy is to individuals and how important it therefore needs to be to organizations. To me, privacy compliance isn’t just about avoiding the negative, it’s also about focusing on the positive, because once organizations understand what data they have within their organization and they understand the risks associated and the types of data, they can actually do a lot more than they ever thought possible."