Data Foundations for GDPR

How CloverETL can help you get your data ready

3 Sides of GDPRTo comply with GDPR regulations, you need to look at 3 different parts of your business.

The legal sideAre all your consent forms, paperwork, etc. complying with what GDPR requires?

The processes you manageWhat are you doing with sensitive data now, and how might that need to change?

The data itselfDo you know what sensitive data you actually have? And where?

If you don’t know and understand your data, you might build your legal and process changes on faulty assumptions — failing to comply without even knowing.

Lega

l

Data

Process

1

2

3

To be able to manage your data properly, you first need to know where it is. Just because a field in your database isn’t labelled as Personally Identifiable Information (PII), it doesn’t mean that it doesn’t contain any.

Knowing Where Your Data IsPROBLEM 1

THE PII MAP How It Works

The CloverETL Harvester can crawl all your data, and tell you where you really have PII.

The Harvester builds a complete map of where your sensitive data exists.

Harvester is first “trained” on sensitive domains and data samples

Profiles your data and reports statistics on the sensitive matches including weighting scores

Our analysts then finish the process by examining and polishing the results

1

2

3

Anonymizing your data can be a way of complying with GDPR in certain scenarios. Simple anonymization (like masking PII with ‘*’) can limit the usability of data, so instead, enter pseudonymization:

AnonymizationPROBLEM 2

ANONYMIZATION ENGINE

Pseudoanonymization processes can break the link between personal info and other data, but retain some of the data’s previous qualities

The anonymisation engine also enables extension of GDPR compliance to broader use of your data – for example sharing portions of pseudoanonymized data as reliable test data sets with software vendors

Data consent under GDPR is about to get complicated. Various levels of consent need to be managed across a multitude of applications, reflecting consumer requests to withdraw or modify their preferences at any time.

Managing ConsentPROBLEM 3

DATA CONNECTIONS

CloverETL helps manage data across applications, so consent information can be centralized and shared from a single source of truth

New connections can be built between applications so each aspect of the organization is using the same, accurate information to ensure compliance

With new rights for consumers to manage their data, it’s likely organizations will find themselves handling many more requests to change consent or delete data (the ‘right to be forgotten’). It will be hard, if not impossible, to continue handling these manually.

Executing Data RightsPROBLEM 4

AUTOMATIC PROCESSING

With the PII Map, it becomes easy to see exactly where information about a data subject sits, so changes can be implemented properly

CloverETL enables processes to be set up that automate fulfillment of consent changes, with little or no human interaction - both saving time and eliminating (potentially costly) errors

Under GDPR, organizations are required to maintain audit trails of every data interaction – where the data came from, what happens to it and where it’s being shipped to.

Reporting and AuditingPROBLEM 5

COMPLETE DATA HISTORY

CloverETL’s reporting and audit capabilities can automatically log all interactions with sensitive data

Audit trails can be built easily, showing the complete history of your data’s journey

Start NowWith our help and technology, we can solve the data part of GDPR for you.

Get complete understanding of all your data and back your new compliance business processes with dependable, transparent and automated data pipelines.

Lega

l

Data

Process

C o n t a c t C l o v e r E T L