webinar | gdpr: how can content services help you comply?
TRANSCRIPT
Understand the customer’s
access rights under GDPR and
how you can comply
Dan Wingrove, EMEA Presales Lead, Nuxeo
Peter Blenkinsopp, Data Protection Lead, Compliabilitee
1
2
4
3
GDPR, The Rights of the individual
Subject Access Request
Complaints to the ICO
How Can Content Services Help You Comply?
Agenda
Objection
Art. 21
Data Portability
Art. 20
Automated Decision Making
Art. 22Rectification
Art. 16
Erasure
Art. 17
Restriction of Processing
Art. 18
GDPR – The Rights of the Individual
Data Subject Rights
Access
Art. 15
X
Controller can no longer
charge and must comply
without ‘undue delay’ and ‘at
least within one month’.
Controller must use
reasonable means to verify the
identity of the person making
the request. 3
Subject Access Request
4
Access
Art. 15
Data controllers must on request provide a copy of the data undergoing processing and if this request is made
electronically then the information should be provided in a commonly used electronic form.
The purpose of
processing and the
categories of data
processed
The recipients or
categories of recipients
The retention period or
criteria used to
determine this period
The person’s rights of
rectification, erasure, to
restrict or object to
processing
Any automated decision making, including
information about the logic involved and the
significance and envisaged consequences of the
processing on the data subject
Information regarding the
source of the data
The right to lodge a complaint
with a supervisory authority
(ICO)
2016-17
18,354
Complaints to the ICO
Source: ICO Annual Report 2017
2015-16
16,38812%
60%
Subject Access
Request 42%
Inaccurate Data
11%
Right to prevent
processing 7%
Nuxeo
Nuxeo, developer of the leading, cloud-native
content services platform, is reinventing enterprise
content and digital asset management. Nuxeo is
fundamentally changing how people work with both
data and content to realize new value from digital
information.
7Digital Asset Management Document Management Case Management Knowledge Management
Founded in 20088 offices across Europe and US
8
Subject Access Request
As a Customer, Employee,
Citizen, Student…
The rules are changing:
No longer chargeable
Reduced time to respond
Many organisations are
expecting an increase in
requests
Subject Access Request Processing
9
Discovery
Review RespondExceptions
Submit Capture
Bill Matt
Rachel
Request Submitted
10
Customer submits online/paper
based request or letter
Selects preferred method of
delivery
Create Subject Access Request entry
11
Automatically or manually
capture details
Validate and enhance
Initiate workflow & set due date
Automatic notification
Processor performs Customer Discovery
12
System Checklist
Assign for processing
Automated and manual
discovery
Extract & attach output
Information to identify
13
Personally Identifiable Information
Reason for collection and storage
Date originally recorded
Retention and Removal schedule
Access and use within organisation and externally
Generate response for delivery Generate report
Delivery based upon method
selected
Online Account for existing customers
Guest login for non-customers
Print for Face to Face or courier delivery
16
Additional Capability
19
Identity verification processing
Retention, archiving and disposal
PII Detection
Management and attachment of additional
collateral
Information usage
Privacy Policy
Your rights
Other Use Cases
20
• GDPR Process & Compliance
Documentation
• Storage and Management of Customer
documents, correspondance and
reports
• Audit trail of updates and access
• Legal Artefacts