GDPR compliance tools: How regtech can help companies comply with GDPR

Software is no guarantee of GDPR compliance but it can certainly help organisations cope with the regulation.

Computerworld UK explains what organisations need to investigate when selecting regtech software and looks at some of the best GDPR compliance tools on the market.

Making the case for new regtech

New tools should be investigated thoroughly before they are adopted. GDPR regtech is a young area of technology largely comprised of unknown players producing tools for new purposes.

An enterprise data governance solution is a tempting option, but also an expensive one that can be complicated and time-intensive to manage. Simple tools such as spreadsheets can provide basic assistance, but will inevitably contain gaps and inconsistencies.

"For GDPR, don't build a business case for the tech, build it for the GDPR," says Robbie Burgess, the RELX Group's GDPR Programme Lead, at DataIQ's RegTech for GDPR conference.

"Be pragmatic. Don't try to over-engineer what you're trying to achieve."

DPOrganizer

Swedish data privacy company DPOrganizer has produced a privacy management tool to help users map, visualise, report and manage the processing of personal data.

The product also includes Incident Manager, which helps organisations meet the GDPR requirements for dealing with breaches within the applicable time frames. It does this by guiding users through the recording of a personal data-related incident, the analysis of the impact and risk, and the reporting process.

The software collects critical data, prompts users for further information that will help assess the risk and impact to determine the reporting requirements, and then guides them through the necessary method of response.

TRUSTe Assessment Manager

The International Association of Privacy Professionals (IAPP) teamed up with TRUSTe to create a GDPR Readiness Assessment tool for IAPP members.

The online assessment consists of more than 60 questions around the key requirements of the regulation.

After completing the assessment, users receive a report summarising their responses together with a list of suggested steps to address any gaps in their practices.

The browser-based tool doesn't require a software download.

Snow GDPR Risk Assessment

The Snow GDPR Risk Assessment provides complete visibility of all devices in use across an organisation, the location of the devices, the people who have access to them, the applications installed on them and whether these applications contain personal data.

It covers on-premise, cloud and mobile devices, users and applications.

The tool identifies more than 23,000 application versions that hold or transmit personal data and flags the devices and applications that are insufficiently protected, whether they're on-premises, cloud or mobile.

Tessian

Tessian analyses historical email data to automatically detect and prevent misaddressed emails. The software uses machine learning to understand the conventional sending patterns and behaviour of users on the email network and identify unusual activity.

The tool retains audit logs of the warning messages it sends to users and the actions those users take, which aligns with the GDPR requirement to introduce and regularly evaluate measures that ensure secure data processing.

GDPR Data Mapper

GDPR Data Mapper is an app that helps SMEs identify, classify and report on the data held by their business.

Users enter their company information, the locations where data is held, and the addresses of third-party companies with whom they work and then create a flow diagram of all their company's data processing activities. This can be reviewed, revised and updated when needed.

The app can also be used to manage data subject access requests and to create executive reports for the ICO and insurers.

AOMEI Backupper and AOMEI Partition Assistant for GDPR

AOMEI has created GDPR editions of two of its tools: AOMEI Partition Assistant, which manages and partitions your hard drive, and AOMEI Backupper, which can back up and restore your entire Windows system or your choice of files.

Neither product now tracks or collects information, ensuring their use is compliant with GDPR.

ICM GDPR Compliance App

Icertis has developed a GDPR compliance app based on the Icertis Contract Management (ICM) platform.

The ICM GDPR Compliance App automatically identifies contracts that are not GDPR compliant, creates the appropriate Data Protection Addendums and routes them for approval.

It also assesses whether new contract drafts fall under the regulation before inserting the appropriate data privacy terms and clauses, monitors contractual commitments and tracks data processor obligations.

Data Protection Officers (DPOs) can monitor non-compliant contracts across geographies and contract types via the DPO Dashboard, while data processors can manage their work on a collaboration portal.

Waterline GDPR Data Management Application

Waterline Data has developed an app that automatically discovers and catalogues data that needs to be compliant with the terms of GDPR.

The software locates hidden data and routes it through workflows to determine whether it should be disposed of or kept and made compliant. It also generates reports that document and track compliance.

The Waterline GDPR Discovery and Reporting Application can be run on-premise or in a variety of cloud environments.

Collibra data governance platform

Collibra has updated its data governance platform with a new GDPR Accelerator that helps organisations speed up their preparations for compliance by adding an extended governance operating model tailored for GDPR.

The accelerator includes role-based dashboards that allow users to assess the risk and maturity of their governance processes and trigger workflows for ongoing compliance.

Users can log, manage, and assign the task of reporting data breaches and create diagrams that show how data flows throughout the organisation, which applications use the data sets, and where the data lives.

Collibra has paired this product with GDPR-specific professional services that take clients through a phased approach to GDPR preparations and ongoing compliance.

Accenture Online Training Course

Accenture has launched an online training course designed to clarify the complexities of the GDPR in 60 minutes.

The GDPR Fast Track combines animation and graphics in an accessible course for executives who don't have a legal or technical background. It was developed in partnership with regtech company GO DPO and Henley Business School. The course draws on insights from Henley's GDPR Transition Programme.

The programme costs £49.99 per user and can be licensed and tracked across multiple employees to give businesses a record of who's completed the course.

A ten-minute version of the course that costs £4.99 per user is also available for employees who need a more straightforward overview of the regulation.

PORT.im

PORT.im claims to be the first end-to-end GDPR compliance solution for SMEs.

The software as a service platform secures internal data and automates responses to data subject requests, from revoking consent to implementing the right to be forgotten.

It integrates into existing technology systems such as customer relationship management software via apps and APIs, and provides dashboard data management and consent hub functions.

Julian Saunders, the CEO and founder of PORT.im, said the product will help companies get greater value from their data while building stronger relationships with their customers.

"Not only does PORT.im aid GDPR compliance, it also opens the door to highly personalised data management, which can give a company much more accurate business intelligence leading to personalised products and services and facilitate more effective marketing and customer service via a single customer view," he said.

Cornerstone OnDemand

Cornerstone, a workforce management software company, has launched a GDPR-ready initiative called Cornerstone OnDemand to help clients optimise the use of their data.

The initiative includes strategic privacy consulting, data audits and tailored compliance action plans to help clients navigate GDPR requirements around the deletion, anonymisation, accountability and minimisation of data.

The service will be offered by Cornerstone's Global Privacy team, a group of data security specialists.

Microsoft GDPR Assessments

Microsoft has released two self-assessment tools to help its partners prepare for GDPR: the GDPR Discovery Toolkit and the more comprehensive GDPR Detailed Assessment.

The GDPR Discovery Toolkit uses a multi-step process to discover personal data within an organisation. It then produces a detailed inventory of the data, highlighting personally identifiable and sensitive information.

The GDPR Detailed Assessment is a question-driven assessment tool that helps identify any gaps in customer readiness for GDPR and makes recommendations on how to close these gaps in three categories: People, Process and Technology. It consists of an Excel workbook, a Power BI output file, and a PowerPoint template for customer discussions.

Loom Systems Event Management Platform

Loom Systems has launched an AI-powered product that automatically locates data files deemed high-risk under GDPR.

The event management platform searches logs and unstructured machine data for privacy-protected data and then labels any that it finds as GDPR-sensitive. It can also anonymise any personally identifiable information and delete it when it's no longer needed for its original purpose.

"A centralised logging platform is essential to getting machine data compliance with the EU's General Data Protection Regulation, which will start being enforced this coming May," said Gabby Menachem, CEO of Loom Systems.

"Many companies are going through significant changes as a result of the new regulations, and the efficiency and speed that our AI-powered platform offers can significantly help streamline the entire process if companies want to ensure compliance."

Tealium iQ Tag Management

Tealium produces a tag management system (TMS) called Tealium iQ Tag Management that lets users implement, manage, and maintain e-marketing tags on their digital properties through a web interface.

"Tag Management is a lot more than just tags. It facilitates data governance," said Jen Brown, director of marketing for EMEA at Tealium.

The system provides visibility into the collection and usage of customer data by stitching it into a single view stem containing all the necessary information from web, mobile and IoT. It includes a built-in privacy manager as well as project management and audit trail features that let users control access, versions and data inheritance when anything is approved by legal.

Tealium creates a consistent data layer. That data can then be mapped from any device to any vendor. Being able to map data accurately enables stronger data access control. Users can then give the right data to the right vendor.

Syrenis Preference Centre

Syrenis supplies a cloud-based application called Preference Centre that supports enterprise-wide collation and management of consumer preferences across multiple channels and brands.

Preference Centre is designed to provide resilience, security, auditability, flexibility and connectivity for multiple systems.

The nature of data storage means that multiple systems within a company all need to be connected. Preference Centre provides central management for all that data. Like Tealium, it lets users integrate their current solutions into its central hub.

It acts as a one-stop shop for data management, offering cookie management and automatic split testing. It's designed to make it easy for both enterprises and individuals to directly manage their preferences. Granulation supports the easy addition of extra communications channels and simple integrations of new systems and future-proofing.

Evidon Universal Consent Platform

Evidon launched its Universal Consent Platform. The unified solution is designed to help organisations achieve GDPR and ePrivacy regulation compliance.

The product gives companies a single transparency and consent platform across desktop, mobile, web and in-app. Users can choose between top-level and deep-dive information on their use and collection of data, and apply consent controls.

It integrates with middleware APIs and first-party datasets and supports single-tag implementation across platforms and geographies in over 50 languages.

It also offers a simple interface for managing new data subject rights such as the right to be forgotten.

MyLife Digital Consentric Platform

The Consentric Platform is an SaaS product that helps fragmented organisations with data siloes and decentralised systems get a single view of permissions across the business.

It provides digital management for the six lawful justifications for data processing, captures, stores and updates data and processes the justifications, integrates with existing infrastructure and connects with customer touchpoints from websites to call centres.

J Cromack, the Practice CEO of MyLife Digital, describes it as a "citizen-centric approach" that asks a series of questions to identify the lawful reasons for data processing: what data has been collected; who is using or has access to the data; when was any required permission granted; where was the data captured and where is it stored; and why is the data being collected and for what purpose.

The system provides an audit trail and consent receipts to demonstrate compliance. Users register for the system and can manage their permissions.

The Egnyte Platform

Egnyte has added support for GDPR compliance to its content collaboration and governance platform.

The platform lets users identify and classify personally identifiable information in each EU country and is compatible with all 24 native languages used in the region.

It helps control content across both cloud and on-premises repositories and supports third-party storage providers including Amazon Web Services, Microsoft Azure and Google Cloud Storage.

Egnyte also offers real-time alerts for any activity around specific types of content to ensure any issues can be dealt with as soon as possible.

The company also offers a free risk assessment tool.

Experian GDPR Maturity Self Assessment Tool

Experian has rolled out a free GDPR Maturity Self-Assessment tool that lets companies benchmark their readiness for GDPR in less than an hour.

The tool provides advice on three components of the regulation: identity and data cataloguing, data quality scores and data process mapping.

Users can benchmark their preparations against the 14 aspects. Videos offer guidance on the requirement and preparation options at every stage, and advice depending on the importance to the organisation and its state of readiness.

The results can be updated as preparations progress, and compared against other organisations in the sector.

Experian also offers four paid-for packages to help manage GDPR preparations.

Janrain Consent Lifecycle Management

Customer Identity and Access Management company Janrain launched a Consent Lifecycle Management (CLM) tool in June.

The cloud-based service is designed to support compliance with the enhanced consent requirements under GDPR by providing highly-customisable granular consent forms that can be invoked whenever a new purpose requires them.

Consumers receive a clearer understanding of the data processing that they are providing consent for and the areas where they have opted out.

They can review, validate, revoke, edit or make other changes to their consent declarations through a dashboard at any time, and download the information as a PDF document.

Leveraging current tools

Leveraging your existing office solutions can provide some extra help, and in some cases be sufficient for GDPR compliance on their own.

"Just basic stuff can get you through if you can't afford RegTech," said Burgess.

The office tools of databases and spreadsheets are widely available and understood. Collaboration tools add transparency to the wider conversation. Document management systems offer templates and policies.

Video conferencing provides an expedient record of ad-hoc meetings, while project planning and management tools offer a system for administering the GDPR compliance journey.

At the very least their effective use adds evidence that your organisation is taking GDPR seriously.

Copyright © 2018 IDG Communications, Inc.