Audit & Report on Data Privacy

Strong data governance and security pave the way for straightforward privacy compliance.

Your definition of personal data

The very definition of personal data lies at the heart of any work on privacy. And it changes necessarily by the organization in question. Wearable fitness company? Your device ID is personal data. Car manufacturer? A vehicle identification number (VIN) is personal data.

Open Raven provides a set of default classes for personal data as well as a completed collection (group of classes) for starters. From there, creating a custom data class for things like device IDs and VINs is a snap and can then be added to the default collection to fully fit your needs.

Creating a data class inside Open Raven

Adding custom data classes to find your own, unique customer IDs can be done directly in the UI or we'd be happy to lend you a hand.

Dynamic data inventory as the foundation

While privacy regulations across the globe vary meaningfully, at their core they all rely upon an organization having an up-to-date understanding of its data inventory. Open Raven lays down this foundation for you by automatically locating your data stores and then allowing you to inventory their contents at the interval of your choosing: hourly, daily, etc.

Visualizing data transfer

Data transfer across geographical boundaries has long been a focus of regulators and when Privacy Shield was invalidated in July of 2020 knowing where sensitive data can flow became more important than ever.

Understanding and communicating data transfer is as easy as clicking a button at a location where sensitive data resides within the 3D map to examine its peering relationships that allow for data flow across regions.

Open Raven's map showing VPC to VPC Peering

Need to know if source code can go from Frankfurt to Hong Kong? The answer is a click away.

Spotting the need for a privacy impact assessment

Privacy Impact Assessments (PIA) were introduced with the General Data Protection Regulation (Art. 35 of the GDPR). Ideally they’re done at the outset of any new project that processes data where it poses “high risk to the rights and freedoms of natural persons.”

Conditions are hardly ever ideal and Open Raven can help with the messy reality of discovering new locations where data is being processed and a PIA may be necessary. A simple policy looking for new instances of personal data (f.k.a. PII) across your environment can be used for monitoring and proactive alerting of where your GDPR or related obligations may have changed.

Enabling data subject access requests (and more)

Present day PrivacyOps requires fulfillment of data subject access requests (DSAR), data deletion requests and much more. Behind the scenes, all of these requirements mean you must know all the locations where data resides before you have a chance of being able to extract it, delete it, etc.

Open Raven is the ideal partner to a privacy project as the platform allows for ready API access to where data is located, what data is available and more so that PrivacyOps can rely on a complete, solid foundation.