Top GDPR challenge: Do you know where your sensitive data is?
As companies worldwide scramble to meet new GDPR data privacy regulations, compliance with the Right to Erasure (Article 17) or more commonly known as The Right to be Forgotten has emerged as a top challenge. The problem sounds simple enough since the DELETE function is a standard feature on most any IT system, but how do you delete data if you do not know where it is?
The Right to Erasure states that all instances of personally identifiable information (PII) must be deleted upon request by any EU resident. For most organizations, this means that not only must ERP, HRMS, and CRM relational databases be searched, semi-structured and unstructured data stores must be scanned and searched as well.
Relational databases offer metadata management capabilities to assist in sensitive data discovery across database tables, but what about copies of that data? Once pulled from the source database, GDPR data may travel across the enterprise in a hundred different ways. Copies of the original record may have been transformed and now reside in data warehouses, emails, spreadsheets, file servers or any other data store across the extended enterprise.
So, it turns out the biggest challenge of The Right to Erasure is not the DELETE process itself, but visibility over where the sensitive data is located so it may be deleted, masked, encrypted, archived or just left alone.
Solix Sensitive Data Discovery offers a complete solution for searching sensitive data no matter where it may reside. Create a GDPR process to comply using pre-defined templates for PCI, PHI, and PII such as social security numbers and email IDs. Or, build your own sensitive data queries to meet custom requirements. By searching structured, semi-structured and unstructured data sources in a single scan, Solix Sensitive Data Discovery establishes a technology foundation and process to comply with The Right to Erasure.