About Altova GDPR Compliance Database
The General Data Protection Regulation (GDPR) is a regulation in EU law that protects the data and privacy of persons living in the EU and European Economic Area (EEA). It became binding on 25 May 2018. Businesses that process personal data of people living in the EU and EEA must now ensure that this data is handled in line with the principles of the GDPR and that this data is protected. Data protection measures are required to be built into the design of business processes that collect personal data. If a data breach occurs and the breach compromises the privacy of a person, then the breach must be reported to the supervisory authority. (For more information about the GDPR, see the EU web page on GDPR and Wikipedia.)
In order to make sure that all the personal data of EU/EEA residents held by your organization is in compliance with GDPR, you should build and continuously track all repositories of personal data that you maintain. The Altova GDPR Compliance Database enables you to quickly organize information about your repositories of personal data in a structured way.
The Altova GDPR Compliance Database enables you to do the following:
• Quickly configure departments and people in your organization that are involved in the collection and processing of personal data
• Quickly configure details of external entities that process personal data your organization collects
• Quickly create a list of all repositories in your organization where personal data is stored
• Set up criteria for classifying data (such as sensitivity, source, protection level), and assign a set of appropriate values for each classification. For example, a data classification might be named Storage duration and be defined to have one of the following values: 1 year, 2 years, 3 years, 5 years, 7 years
• Define data categories. In a given data category, the data classifications you have created are each assigned a value (from among their respective allowed values). For example, if you define a data category named Billing Address, then this category could have the following classification values: (i) Type of data = personal data; (ii) Encryption = none; (iii) Storage duration = 7 years
• List and define all the data-processing activities that are used by your organization, including applications used by external agents that are tasked with processing data for your organization (for example, an external organization that sends promotional emails to your customers)
• Automatically link information that is entered in one part of the compliance database so that this information is reused in related parts of the database; this provides efficiency and accuracy while entering information in the database, as well as a better overview of information
• Enable distributed use of a central system (the compliance database) by multiple users
• Enable users of the compliance database to independently modify the structure of the system, subject to an approval process that is built into the system
• Track changes to the structure and other aspects of the system
• Quickly generate different kinds of reports, which will be based on the information currently held in the compliance database
• Start discussions about different items of the compliance database, and invite specific users to join the discussion; discussion threads can be read directly in the system and in the context of the discussed item
• Use an internal correspondence system between users of the system, in which metadata items are directly linked to discussion threads about the respective item
• Have discussion participants notified by email about new messages in the discussion
This documentation describes installation of the GDPR Compliance Database as an easy-to-set-up virtual machine.