Strong data governance and security pave the way for straightforward privacy compliance.
The very definition of personal data lies at the heart of any work on privacy. And it changes necessarily by the organization in question. Wearable fitness company? Your device ID is personal data. Car manufacturer? A vehicle identification number (VIN) is personal data.
Open Raven provides a set of default classes for personal data as well as a completed collection (group of classes) for starters. From there, creating a custom data class for things like device IDs and VINs is a snap and can then be added to the default collection to fully fit your needs.
While privacy regulations across the globe vary meaningfully, at their core they all rely upon an organization having an up-to-date understanding of its data inventory. Open Raven lays down this foundation for you by automatically locating your data stores and then allowing you to inventory their contents at the interval of your choosing: hourly, daily, etc.
Data transfer across geographical boundaries has long been a focus of regulators and when Privacy Shield was invalidated in July of 2020 knowing where sensitive data can flow became more important than ever.
Understanding and communicating data transfer is as easy as clicking a button at a location where sensitive data resides within the 3D map to examine its peering relationships that allow for data flow across regions.
Privacy Impact Assessments (PIA) were introduced with the General Data Protection Regulation (Art. 35 of the GDPR). Ideally they’re done at the outset of any new project that processes data where it poses “high risk to the rights and freedoms of natural persons.”
Conditions are hardly ever ideal and Open Raven can help with the messy reality of discovering new locations where data is being processed and a PIA may be necessary. A simple policy looking for new instances of personal data (f.k.a. PII) across your environment can be used for monitoring and proactive alerting of where your GDPR or related obligations may have changed.
Present day PrivacyOps requires fulfillment of data subject access requests (DSAR), data deletion requests and much more. Behind the scenes, all of these requirements mean you must know all the locations where data resides before you have a chance of being able to extract it, delete it, etc.
Open Raven is the ideal partner to a privacy project as the platform allows for ready API access to where data is located, what data is available and more so that PrivacyOps can rely on a complete, solid foundation.