Simplify and Accelerate Privacy Compliance Across the Enterprise
Dataguise privacy software automates key data privacy compliance processes for reduced risk and cost
When even small companies can have millions of customers around the globe, staying on top of every privacy requirement and managing compliance—not only with data privacy regulations but also with individual privacy obligations—simply isn’t practical, let alone possible, without automation.
Our data privacy software combines industry-leading data discovery + protection functionality to deliver a comprehensive view of all the various personal data elements and associated data subjects (individuals) across your enterprise, as well as automated capabilities for managing core privacy operations. It enables you to take a broad view of your organization’s usage of personal data and demonstrate both understanding and control of that usage. At the same time, it helps you meet the most specific privacy requirements.
Key Capabilities & Advantages
The foundation of any privacy program is the knowledge of all personal data held by the organization. Dataguise provides a detailed inventory of the various data elements across different systems and formats. Whether in data lakes, large databases, or document repositories, Dataguise can identify and classify personal data based on applicable policies. The policies can be created and customized by your organization, or you can leverage pre-built policies we’ve included for common PI/PII elements, such as those covered by the PCI DSS, HIPAA, GDPR, or CCPA.
Using the discovered data elements, Dataguise identifies and inventories the identities behind the data. The information Dataguise is able to glean about the identities provides organizations with the flexibility to address various privacy requirements as well as a better understanding of the makeup of their different data subject groups (e.g., country and state of residency, age, or contractual agreements).
Well before the GDPR and CCPA, different privacy regulations provided individuals with the right to see what information companies keep about them and ensure its accuracy. Today, this right is commonly referred to as a Data Subject Access Request (DSAR) and requires a significant level of effort and cost to address (an average of $1,404 per request, according to Gartner). Dataguise automates this process, from obtaining the initial request to the creation of a report that can be securely shared with the individual data subject.
Directly tied to the DSAR is another individual right: the Right of Erasure. Dataguise offers a wide range of functionality, from hard delete to masking and encryption, to address these erasure requirements. Format-Preserving Masking is particularly helpful for this purpose, as it is designed to eliminate personal data in a manner that avoids downstream impact on other systems.
The management of consents—the choices (opt in/out) that data subjects make, or the permissions they give, for processing their data—has a broad impact on privacy management. Different parts of the organization may offer multiple opportunities for data processing, from sharing it with third parties to sending marketing communications. Accurately tracking these consents involves tracking the choices made by more data subjects than those that commonly submit a DSAR or ask for their data to be erased. Dataguise can help you identify identities accurately and consolidate consents in a centralized view for easier consent management at the enterprise level.
A common privacy compliance requirement is that the organization limit its use of personal information to the purpose that was stated when the information was collected. Dataguise is able to track key usage details that provide a clear indication of “scope creep” when it comes to the purpose for which the data was collected. Such details—which involve the nature of the personal data in question, the data subjects it describes, and the systems that process the data—can paint an accurate picture for the privacy program about this key compliance risk.
Another enterprise-level need for privacy management is staying on top of retention limits. Identifying the data that can be archived or deleted is not only a compliance requirement but also a risk mitigation approach. Dataguise is able to track the retention periods of database tables and documents and alert the organization to those that have reached the end of their retention period. Our masking and encryption capabilities can then be used to take additional action with the relevant data.
While the Records of Processing Activities (ROPA) emerged from the requirements of the GDPR’s Article 30, it is also applicable under regulations outside of the European Economic Area. This accountability reporting tool was previously addressed with manually created data flows and interview-based business process narratives. Dataguise is the first to provide automation for organizing the necessary data points for providing a ROPA for individual processing activities, increasing the accuracy of the ROPA and cutting down on time and other costs.
Since Dataguise has always focused on both the personal data and its users, we extend this capability to identify the specific privacy and security training needs of authorized users of the systems we scan. Companies can use the Dataguise technology to search for those authorized users, whether employees or third parties, to identify those who need training or a refresher based on the data and data subjects to which they have access.
One of the most effective ways to protect personal data is through de-identification. Dataguise uses a variety of obfuscation techniques to achieve that goal. The flexibility we offer organizations in how they obfuscate their personal data is important for meeting different de-identification criteria, as those vary across industries and sensitivity. With appropriate de-identification, even the most sensitive personal data can be used for new business purposes and shared with other stakeholders.