Audit and Report on Data Privacy
Strong data governance and security pave the way for straightforward privacy compliance.
Your definition of personal data
The very definition of personal data lies at the heart of any work on privacy. And it changes necessarily by the organization in question. Wearable fitness company? Your device ID is personal data. Car manufacturer? A vehicle identification number (VIN) is personal data.
Open Raven provides a set of default classes for personal data as well as a completed collection (group of classes) for starters. From there, creating a custom data class for things like device IDs and VINs is a snap and can then be added to the default collection to fully fit your needs.
Dynamic data inventory as the foundation
While privacy regulations across the globe vary meaningfully, at their core they all rely upon an organization having an up-to-date understanding of its data inventory. Open Raven lays down this foundation for you by automatically locating your data stores and then allowing you to inventory their contents at the interval of your choosing: hourly, daily, etc.
Visualizing data transfer
Data transfer across geographical boundaries has long been a focus of regulators and when Privacy Shield was invalidated in July of 2020, knowing where sensitive data can flow became more important than ever.
Understanding and communicating data transfer is as easy as clicking a button at a location where sensitive data resides within the 3D map to examine its peering relationships that allow for data flow across regions.
Spotting the need for a privacy impact assessment
Privacy Impact Assessments (PIA) were introduced with the General Data Protection Regulation (Art. 35 of the GDPR). Ideally they’re done at the outset of any new project that processes data where it poses “high risk to the rights and freedoms of natural persons.” Conditions are hardly ever ideal and Open Raven can help with the messy reality of discovering new locations where data is being processed and a PIA may be necessary. A simple policy looking for new instances of personal data (f.k.a. PII) across your environment can be used for monitoring and proactive alerting of where your GDPR or related obligations may have changed.
Enabling data subject access requests (and more)
Present day PrivacyOps requires fulfillment of data subject access requests (DSAR), data deletion requests and much more. Behind the scenes, all of these requirements mean you must know all the locations where data resides before you have a chance of being able to extract it, delete it, etc.
Open Raven is the ideal partner to a privacy project as the platform allows for ready API access to where data is located, what data is available and more so that PrivacyOps can rely on a complete, solid foundation.
Search, reporting and analytics with integrated Splunk
Splunk is one of the world's leading SIEMs, and for good reason. It utilizes a powerful search processing language (SPL) for security teams to search, report, and analyze log events across countless services, at scale. Until today, security teams would need to go to other tools, services or even interview service owners to gather critical data context. By integrating Splunk's powerful search and analytics function directly into Open Raven's modern data security platform, security teams can now include various security controls and data types with their searches, dashboards, reports and analytics for more valuable insights and quicker answers.