Data Executives

Protect Sensitive Information

Organizations are often required to comply with laws and regulations related to data protection. CIOs are responsible for business continuity and compliance with laws and regulations.


Overview

Because data is an asset for the company, it needs to be protected adequately.

Criminals are well aware of the value of data, often more than the companies themselves, as evidenced by the increasing number of successful cyberattacks. Nowadays data is not only stolen, but also made unusable, effectively making it impossible to carry out business activities.

On the other hand, organizations are often required to comply with laws and regulations related to data protection, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) in the United States.

CIOs are responsible for business continuity and compliance with laws and regulations.

The Needs

Identify Sensitive Information

Automatically detect where personal and other sensitive information is stored by scanning databases, tables and columns based on custom rules.

Keep Your Data Safe

Develop policies, procedures, and controls to ensure that data is used appropriately and protected from unauthorized access, theft, or loss.

The Human Factor

Identify the data life cycle as well as the responsibilities for each process. Control who has access to their data and under what circumstances.

Data Subject Rights

Collect and manage consents, record data processing activities and track data subjects’ requests, and establish a data governance process to enable data portability and the right to be forgotten.

How to

Blindata offers a set of features that support data protection and compliance with regulations, and that enable effective and correct use of data:

The first step in ensuring data security is mapping what data assets an organization has and where they’re located. Blindata Data Catalog provides a comprehensive view of an organization’s data assets, including their structure, relationships, and dependencies, making it easier to identify what data needs to be protected. Blindata Agent automatically collects metadata, connecting to both on-premise systems and cloud services, potentially identifying the type of protection applied to catalog items.

To ensure compliance and security, organizations must identify the level of protection required for each type of data and apply appropriate security measures. To help companies in this task, Blindata Data Classification links Business Entities and Business Terms to Physical Entities, such as tables, columns, reports, views, etc. Using custom rules, it is possible to identify PII and other sensitive information.

Blindata helps organizations comply with various data privacy regulations, such as GDPR, as well as industry-specific laws, like Solvency II, PCI DSS and HIPAA. By identifying sensitive data and applying appropriate security controls, organizations can ensure that they are following regulations and avoid potential fines and legal penalties.

Security-based data management requires organizations to identify the various touchpoints where data is created, processed, stored, and transmitted within their systems, as well as the individuals or departments that have access to it. By doing so, organizations can implement appropriate security measures at each stage to protect sensitive data from unauthorized access, use, or disclosure. Blindata Processing Registry maps the Data Actors, i.e. the entities that have a role in data management, both in the sourcing phase and in the transformation and consumption phase. Data processings are mapped as well, giving a clear understanding of the data lifecycle; this enables the generation of the Record of Processing Activities, as required by the GDPR. Processings, Data Actors, Data Categories and Physical Entities are related to each other, and can be navigated via the Blindata Knowledge Graph.

According to the GDPR, the use of personal data is permitted if based on an appropriate legal basis (contract, consent, legal obligation, vital interest, public task, legitimate interest). The legal basis for processing must be identified and documented by the data controller before any processing takes place, and the chosen legal basis must be appropriate and proportionate to the purpose of the processing. Moreover, where the processing is based on consent, the Data Controller must be able to demonstrate that the data subject has given his consent to the processing of his personal data. Blindata Consent Notary is a centralized repository of Privacy Disclaimers. The text can be in different languages and versions, so the different touchpoints can call Blindata and get the last approved version depending on the customer language. Once the Data Subject expresses his choice regarding the use of his personal data, Blindata archives the decision using a blockchain. Then, every time personal data must be used, Blindata can give the information that a processing of a specific personal data is permitted based on a specific legal basis.

Data subjects, such as customers, employees, etc., can exercise their rights regarding the management of personal data. For instance, they may ask to delete their personal data (right to be forgotten or to erasure), to obtain and reuse their personal data for their own purposes across different services (right to data portability), or to have inaccurate personal data rectified, or completed if it is incomplete (right to rectification). Blindata Issue Management allows the tracking of the requests of the Data Subjects: define a campaign for each type of request, generate an issue for each request received, assign it to the person in charge, select a due date, and track its progress.