GDPR (General Data Protection Regulative) increases the protection of European data subjects’ rights and clarifies what companies that process personal data must do to safeguard these rights. The purpose of GDPR is to determine what data you need to keep. If your business has collected a lot of data without any real benefit, it is the time to consider which data is important to your business.

GDPR encourages a more disciplined treatment of personal data.

The Regulation has been adopted by the European Commission and the European Parliament and must be applied in full, directly and without delay. The concept of personal data within the Regulation has been expanded, and it considers personal data as personal names, location data, online identifiers such as MAC and IP addresses and web cookies, as well as genetic and biometric data of an individual.

The scope of the Regulation is greater than previous information security certificates, and it is not just a security or technical issue, but should be approached multidisciplinary under the auspice of the top of the organization.

The basic purpose of our Solution is to provide insight into all business records stored in the company´s systems for each person registered in the source systems. The source system for this solution is any information system of the Company whose data the solution analyzes and from which it extracts data about persons and business records.

The solution is used for discovery of personal data in the source systems, defining in which category the unstructured data falls into (redundant, obsolete, trivial) with the help of Micro Focus, and extraction of metadata from the source systems for business records that contain personal data. Furthermore, it enables the Company to maintain a classification of the records, which leads to the declaration of the same by using the OpenText Content Manager – once at the end of the project and continuously / daily in the future.

During the data extraction from source systems, two groups of data are stored in the GDPR database:

  • List of persons: full name, OIB and JMBG
  • List of business records: type of record, an identifier of the record in the source system, date of the record, person to whom the record refers, and an identifier of the source system.

Personal data is processed in the following order:

  • Personal data detection tools analyze all data in source systems and determine where personal data is located. We call this process Discovery.

  • Discovery results are passed on to the Data Extractors.

  • Data extractors collect personal data and business record data for persons found in source systems.

  • Data extractors store the collected data in the Personal Data Storage System and Business Record Index.

  • The application allows authorized users to view and analyze the collected data. Also, the application is the only component of the Solution that is visible to the end-users.

There are as well available options for searching and making reports that can be printed or saved in PDF or Excel format.

It is important to note that the Solution does not change or in any other way compromise the data stored in the source systems, nor does it affect the performance of the source systems.

OpenText ControlPoint connects with different repositories like Exchange, SharePoint, M-Files, Windows file shares, for unstructured data, and the OpenText Structured Data Manager, for structured data. Empowered by IDOL (Intelligent Data Operating Layer), rich analytics tool, OpenText solutions bridge various data silos, provide grainy insights into information, and bring to the surface highly critical and sensitive data – such as personal data that may be subject to GDPR Regulation.

The implementation and enforcement of information management policies throughout the data lifecycle can be achieved using an integrated OpenText Content Manager system.

Reinforced with such in-depth insight into customer data, organizations can simplify and encourage cost efficiencies in the process of protecting, exploiting, and taking action based on that information.