Technical solutions for fulfilling GDPR requirements
Loe EESTI KEELES
General Data Protection Regulations (GDPR) set some requirements for data protection, that are not possible to fulfil solely with the knowledge of managers, lawyers or other employees who lack technical skills. Persons with technical skills, mostly IT officers and technical solutions, play a big part in fulfilling the requirements.
As the time when GDPR starts to apply gets closer, the more developed the technical solutions become, that would make data related activities more efficient, faster and would make certain activities automated and would help ensure better data protection. IT companies recognize more and more the necessity to pay attention to data protection aspects during development.
Technical solutions help to map data protection situations and try to make it compliant with the requirements. Considering that oftentimes companies have their data spread out in different places, it might be necessary to use the help of several different tools. OneTrust, Oracle, Veritas, Microsoft and several other IT companies offer a variety of solutions. Hence, it’s wise to see how to make a complicated situation easier.
IT tools help to fulfil data subjects’ requests, which according to the data protection regulations, the subjects have a right to make. E.g., if a data subject requests to have all data related to them deleted, it can take weeks or months to fulfil, while with the help of proper data mapping and technical solutions, e.g. the capability of an information system or some additional programs, time consumption can be significantly reduced.
Technical solutions also have a role in asking for the data subjects’ consent. GDPR obligates the data processor to be able to prove that the subject has given consent, but when we are dealing with e-services or purchasing products through them, the entire communication takes place electronically and no signatures are given. In these situations, technical solutions might help you by memorizing what kind of consent was given, when it was given and by whom.
Compliance with the GDPR is not possible to achieve just by drawing up different legal documents -data protection must be addressed more broadly. Necessary solutions may call for additional documentation as well as some technological advancement. Development might consist of perfecting the existing information systems, but also of using additional programs. Therefore, it is important to assess what needs to be changed when analysing the current state of your data processing and also whether it is possible to combine box products or would it be necessary, and more profitable, to develop your own system.