GDPR compliant data access management and data deletion

Data protection authorities are increasing their activities across Europe and have begun to identify and react to data breaches. Through this activity, a clear trend has arisen: Businesses have struggled to meet the requirements established under GDPR when it comes to access to, and deletion of, GDPR-relevant data.

The implementation of data access and deletion requirements within the GDPR is therefore clearly one of the largest risk areas for many businesses. A professional data protection organisation needs to proactively oversee these critical processes and implement identified continuous improvement initiatives. However, before this can happen, a data access and deletion concept outlining the fundamental approach to these topics needs to be developed and realised.

 

Manage access, then delete - simple to implement, right?

It sounds easy in principle: Data which no longer serves a purpose should be deleted. However, the reality is much more complicated. Interfaces and interdependencies need to be considered. Further, dig a little deeper and various questions and issues arise: Which data should be considered, and where is it stored; in key systems, smaller systems, or on paper? Which people need which data, for what purpose, and for how long? Who holds responsibility for data access management and for data deletion? How are requirements in specific situations identified and managed?

All these questions (and many more) need answers before a technical implementation can be undertaken. These answers ultimately make up a data access management and deletion concept, which can either be general in nature, or developed for a particular purpose.

We have already successfully supported various organisations during the development and implementation of such concepts. Based on this experience, we have constructed a proven approach consisting of four phases:

  1. Analysis and kickoff with all relevant stakeholders
  2. Development of a data access and deletion concept
  3. Testing (with IT and/or IT service providers)
  4. Full implementation (with IT and/or IT service providers)

 
This approach has already been successfully implemented in diverse projects involving multiple systems, in SAP-focused projects, and in customer reporting activities. We can therefore support you with an approach tailored to your specific needs. Contact us today!