Simplify GDPR data privacy requests for email communications
GDPR Responder: A Powerful Tool for Data Protection Officers
GDPR Responder, by Dropsuite, helps businesses meet their international data privacy and data protection requirements by helping to safeguard, store, discover, export and delete data; empowering Data Protection Officer’s to easily fulfill time-sensitive compliance requests by allowing them to define who can access particular types of data across the organization to control access, as well as how that data can be managed.
Firms across the world who use email to communicate with European Union prospects, customers and business partners must comply with GDPR (General Data Protection Regulation) privacy and data access mandates. Failure to do so could cost a firm up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher – a number that could easily cause a company to go out of business. The stakes are high, which is why Dropsuite takes great pride in offering our GDPR Responder solution. With GDPR Responder our customers can effortlessly manage their organizations’ critical email infrastructure according to GDPR regulations to safeguard user information, ensure data availability and maintain business email continuity.
How will you Classify, Discover, Review, Take Action and Report on GDPR requests? The answer: With Dropsuite GDPR Responder.
GDPR Compliance for Data Privacy and Security
The GDPR regulations went into effect May 25, 2018 and are actually a series of changes to the original EU regulations published in 1995. There are three major changes to the privacy and information access laws in GDPR that increase the scope and accountability for protecting EU citizen privacy online. Those parts are:
- Increased Territorial Scope
The biggest change to the regulatory landscape of data privacy comes with the increased territorial scope of the GDPR, as it now applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location.
The penalties have also greatly increased. Under GDPR organizations in breach of GDPR can be fined up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.
The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
GDPR Standards Applying to Email Backup
For all firms that have the potential to have email communications with EU citizens, there are several parts of the GDPR standards that apply to backup, archiving and recovery of email, website and related data.* When choosing a backup and restore solution, consider how well the solution meets the following regulations.
Right to Access
Right to be Forgotten
Privacy by Design
Data Protection Officers
Based on the above regulations, it becomes clear that maintaining accurate copies of all email communications and related data between a firm and any EU citizens is essential. This means even keeping records of emails and related data that may have been deleted by users.
That’s why Dropsuite Responder focuses on preservation, maintenance and the ability to apply advanced search to backed up and archived emails, attachments and related data. We are proud to provide our customers with GDPR compliant solutions for email and related data backup, archiving and recovery.
GDPR is serious business; as several large fines have been issued by the EU’s Information Commissioner’s Office (ICO). In July 2019, the ICO announced it fined British Airways $230 million in connection with a significant 2018 data breach. Marriott International was fined $123 million after a November 2018 data breach that exposed personal data contained in approximately 339 million customer records, of which 30 million were residents of the European Economic Area (EEA).
Dropsuite empowers the Data Protection Officer with the ability to navigate the grey areas where GDPR compliance meets businesses compliance — will tools to ensure easy management of regulated compliance responsibilities pertaining to archived business communications, attachments and email.
GDPR Responder Utility Includes:
- Data Protection Officer (DPO): Assign role, review GDPR requests, review/flag/export/delete data, and explain why data can/
cannot be deleted
- Delegated access permissions: Assign and delegate internal/external access permissions for GDPR discovery/review for auditors
- Right to be forgotten: Export a copy of found data under GDPR Article 15-1 for the requester or delete the data under GDPR
article 17-1 that does not conflict with business regulations
- Message level retention and legal hold: Add retentions from 6 months to indefinitely on individual or bulk messages, add legal
holds for indefinite periods on individual or bulk messages
- Compatibility: Compatible with Microsoft Exchange Online, Hosted Exchange and G Suite Gmail
“GDPR enforceability is starting to catch momentum, yet surprisingly, many organizations are still playing the waiting game with regard to implementing GDPR compliance utilities,” said Ryan Nichols, head of product for Dropsuite. “Email ecosystems such as Exchange Online for Office 365 are critical data systems covered under GDPR regulations that require specialized tools to make it easier for administrators to fulfill compliance-related tasks. Doing nothing, or not doing enough, exposes organizations to any number of risks that frankly don’t need to be taken since tools like Dropsuite GDPR Responder for Email Archiving are readily available.”
* Source: EUGDPR.org “GDPR Key Changes”
GDPR Compliance Use Cases
Email Backup and Archiving
GDPR Compliance and Data Protection
GDPR Protection in the Cloud
Experience a Live 15 Minute Demo
See how you can backup data for your business defense