Secure GDPR compliance with Cassie
We can help your business ensure GDPR compliance through our Personal Information Platform, Cassie. Cassie provides one central, secure compliance platform to manage personal data, legal basis, consent and marketing preferences.
Our GDPR consent and preference management solution allows you to meet regulatory requirements wherever your customers are globally. Many organizations face the challenge of synchronizing separately stored data from various siloed databases and systems and consolidating it into one true compliant source. Cassie is feature-rich, provides data mapping between the multiple sources held and provides a holistic view of an individual’s consent and preference history.
What is GDPR Compliance?
The General Data Protection Regulation (GDPR) is a set of legislation adopted by the EU in May 2018 covering personal data, its definition, security requirements and allowed use.
The regulation was brought into practice to protect individuals’ privacy as well as unify the way personal data is protected, stored, distributed and used. Personal data is defined in the GDPR as any information that can identify a ‘natural person’, such as their name, email, IP address or physical attributes.
The GDPR applies to any organisation that processes, stores, or transmits personal data relating to EU residents, regardless of that organisation’s location. If an organisation breaches the regulation, it could be fined between 2% and 4% of its annual global turnover or up to €20 million, whichever is the higher value.
Lawful bases an organisation needs for holding and processing personal data:
- Legal obligation
- Vital interests
- Public task
- Legitimate interest
- Special category data
- Criminal offence data
GDPR provides the following rights for data subject individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
GDPR Requirements & Cassie
The GDPR requires organisations to be transparent with individuals about the data they hold and to take responsibility for keeping information up to date. In practice, this means individuals have the right to be informed of, have access to, and rectify their data.
Syrenis understands that this can be difficult. Your business receives data from various sources, whether that be through web forms, transaction services, email, SMS and so on. Cassie enables a single version of the truth to be created by the production of a homogenized virtual record, whilst keeping a full audit trail of every detail (including source), from origin to present time, across all your systems. Transparency is enabled using either the fully customisable public portal or by linking the feature-rich API to existing access routes. Any corrections can be automatically distributed across the entire ecosystem of an organization simply and securely, saving time and money.
The GDPR requires consent for certain activities where other lawful bases may not apply, such as speculative marketing activities. It must be possible to prove this consent and to show that it was given freely as part of an informed decision.
Integral to consent within GDPR are the concepts of ‘proof’ and ‘context’. Cassie has multiple tools to enable the collection of consent in a business-positive way, from web widgets to phone apps. Not only does Cassie remove the hurdles from collecting consent and using information, but the management of the process is simple, and the ‘proof/context’ fulfils all global requirements. Offering complete flexibility and multi-tiered granularity, Cassie has been designed to be future-proof as communication methods change and is also multilingual, covering all languages (including non-Latin character languages).
Granular level audit reports
The GDPR requires that certain administrative tasks can be requested by an individual at no cost to themselves. This can be the provision of their data (Subject Access Request or right to data portability) or the deletion of their details (right to erasure). These requests must be completed within a reasonable time frame, typically 28 days.
Cassie enables the easy export of all attributed data pertaining to an individual via its audit reporting features. These are simple to use and can create either a CSV or PDF report. In addition, the SAR management module allows for the tracking of requests where extra information needs to be collated from different areas within an organization.
If a request for erasure is made, Cassie will flag the data it applies to. The request is then recorded for an administrative update. An administrator will then either provide an explanation as to why the request cannot be fulfilled or confirm the request has been completed. If the request has been completed, Cassie will pass the flagged data through a one-way encryption algorithm. If a query is raised in the future, a record can still be compared by passing it through the same algorithm, while the technical requirement of erasure is fulfilled.
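The flag, review and one-way transform sequence described above, sketched as an added example; this is not Cassie's code, and the page does not name the algorithm it uses. Assumptions: HMAC-SHA-256 stands in for the one-way algorithm, the key is held outside the data store, and every function and field name here is hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Assumption: the key lives outside the data store (e.g. in a KMS).
# Constructed demo value; a real key is never hard-coded.
ERASURE_KEY = b"constructed-demo-key-not-for-production"

def normalise(value: str) -> bytes:
    """Canonicalise so the same identifier always yields the same digest."""
    return unicodedata.normalize("NFKC", value).strip().casefold().encode("utf-8")

def one_way(value: str, key: bytes = ERASURE_KEY) -> str:
    """Keyed one-way transform. A key is used because an unkeyed hash of a
    low-entropy value such as an email address can be recovered by guessing."""
    return hmac.new(key, normalise(value), hashlib.sha256).hexdigest()

def request_erasure(record: dict, fields: list) -> None:
    """Step 1: flag the fields the request applies to; the data is untouched."""
    record["erasure_flagged"] = [f for f in fields if f in record]
    record["erasure_status"] = "pending"

def complete_erasure(record: dict, approved: bool, explanation: str = "") -> None:
    """Step 2: an administrator refuses with an explanation or confirms."""
    if record.get("erasure_status") != "pending":
        raise ValueError("no pending erasure request")
    if not approved:
        if not explanation:
            raise ValueError("a refusal needs an explanation")
        record["erasure_status"] = "refused"
        record["erasure_explanation"] = explanation
        return
    for field in record["erasure_flagged"]:
        record[field] = one_way(record[field])  # plaintext is overwritten
    record["erasure_status"] = "completed"

def matches(record: dict, field: str, candidate: str) -> bool:
    """Later query: run the candidate through the same transform and compare."""
    return hmac.compare_digest(record[field], one_way(candidate))

def demo() -> dict:
    # Constructed sample record.
    record = {"email": "Jane.Doe@example.com", "name": "Jane Doe", "country": "GB"}
    request_erasure(record, ["email", "name"])
    complete_erasure(record, approved=True)
    return record
```

Destroying or rotating the key afterwards makes even this comparison impossible, so key retention is part of the erasure decision.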
Case Study: The Woodland Trust
The Woodland Trust are the UK’s largest woodland conservation charity. Their mission is to create, protect and restore the native woodland heritage of the UK. Learn how The Woodland Trust are benefiting from implementing Cassie for GDPR compliance and enhanced supporter experiences.
Trust in your data
The GDPR places great emphasis on accountability and security, requiring organizations to understand the basis on which an individual’s data is held, where different aspects are held, how it is accessed and how it is used. An individual’s data should not be accessible without reason and use should be controlled.
Cassie integrates several audit functions to enable the easy cataloguing of what data came from which system and is held at what location. Individual data items can be associated with process control documents such as PIAs, and these can be included in audit reporting.
The optional Cassie modules available, such as the ‘Data Subject Portal’, have security and access control features built in from the core, with granular permissions and full audit logs of activities. In addition, Cassie is vigilant and looks for unusual activity, which can then be automatically sent to administrators as an alert.