GDPR and other PII regulations have dramatically changed how companies handle and are held accountable for the data they collect. Consumers have been empowered to ask companies about the PII information they collect on them, and then have it erased.
The Right of Access and Right to Erasure regulations means companies need to know more about what data they hold.
PII data will be in many locations. How do you perform a risk assessment of your databases and documents? Do you know what information is stored in your log files? How about reports your sales team ran on the database and has stored in a PDF or Excel file? Maybe they copied and pasted part of this report into an email – but how would you know?
Understand your risk
The first step is to know your risk level by understanding where your data is stored in your company and what PII data is stored in it. Then you can answer customer queries:
- What data do you have about me? (Right of Access)
- Please delete that data. (Right to Erasure)
And yes, it must also be deleted from your primary systems, including your VMware system, your employees’ laptops, and any internal file serves. This also includes removing that data from your backups. ioFABRIC software will help you deal with Right of Access and Right to Erasure should your company need to take the next step.
Learn from the experts
I am giving a webinar with Marc Staimer on May 14th and we will be talking about compliance and how our software helps you with PII regulations and ransomware. It’s all about data management and protection. Click here for more info and to register for the webinar.