GDPR Compliance, Cassie
Syrenis can help your business become compliant under the GDPR regulation through our Personal Information Platform, Cassie. Cassie ensures there is one central, secure platform to manage personal data, legal basis, consent and marketing preferences.
Allowing you to meet regulations wherever your customers are, globally. Cassie is feature rich and provides an essential bridging system between the multiple information pots held within modern organisations.
The General Data Protection Regulation, (GDPR), is a set of legislation adopted by the EU in May 2018 covering personal data, it’s definition, security requirements and allowed use.
The regulation was brought into practice to protect individual’s privacy as well as unify the way personal data is protected, stored, distributed and used. Personal data is defined in the GDPR as any information that can identify a ‘natural person’, such as their name, email, IP address or physical attributes.
The GDPR applies to any organisation that processes, stores, or transmits personal data relating to EU residents regardless of that organisation’s location. If an organisation breaches the regulation that organisation could be fined between 2% to 4% of their annual global turnover or up €20 million, whichever is the highest value.
Lawful basis organisation need for holding & processing personal data
- Legal obligation
- Vital interests
- Public task
- Legitimate interest
- Special category data
- Criminal offence data
Rights the GDPR provides for individuals
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
GDPR Requirements & Cassie
The GDPR requires organisation’s to be transparent with individuals about the data they hold and take responsibility for keeping information up to date. Basically, the right to be informed of, have access to, and rectify their data.
Syrenis understands that this can be difficult! Your business receives data from various sources, whether that be through web forms, transaction services, email, SMS and so on. Cassie enables a single truth to be created by the production of a homogenized virtual record whist keeping a full audit trail of every detail (including source), from origin to present time, across all your systems. Transparency is enabled using either the fully customisable public portal or by linking the feature rich API to existing access routes. Any corrections can be automatically distributed across the entire eco system of an organisation simply and securely, saving time and money.
The GDPR requires consent for certain activities where other lawful basis may not apply, such as speculative marketing activities. This consent must be able to be proven and shown to have been given freely as part of an informed decision.
Integral to consent within GDPR is the concept of ‘Proof’ and ‘Context’. Cassie has multiple tools to enable the collection of consent in a business positive way, from web widgets to phone apps. Not only does Cassie remove the hurdles from collecting consent and using information, but the management of the process is simple, and the ‘proof/context’ fulfills all global requirements. Offering complete flexibility and multi-tiered granulation, Cassie has been designed to be future proof as communication methods change and is also multilingual, covering all languages (including non-Latin character languages).
The GDPR requires that certain administrative tasks can be requested by an individual at no cost to themselves. This can be the provision of their data (Subject Access Request or right to data portability) or the deletion of their details (right to erasure). These requests must be completed within a reasonable time frame, typically 28 days.
Cassie enables the easy export of all attributed data, pertaining to an individual, via it’s audit reporting features. These are simple to use and can create either a CSV or PDF report. In addition, the SAR management module allows for the tracking of requests where extra information needs to be collated from different areas within an organisation.
If a request for erasure is made, Cassie will flag the data it applies to. The request is then recorded for an administrative update. An administrator will then either provide an explanation as to why the request cannot be fulfilled or confirm the request has been completed. If the request has been completed, Cassie will pass the flagged data through a one-way encryption algorithm. This enables a record to be compared by passing it through the same algorithm if a query is raised in the future but fulfils the technical requirement of erasure.
The GDPR places a great emphasise on accountability and security, requiring organisations to understand on what basis an individual’s data is held, where different aspects are held, how it is accessed and how it is used. An individual’s data should not be accessible without reason and use should be controlled.
Cassie integrates several audit functions to enable the easy cataloguing of what data came from which system and is held at what location. Individual data items can be associated to process control documents such as PIA’s and these can be included in audit reporting.
The optional Cassie modules available such as the ‘Customer Service Portal’ have security and access control features built in from the core with granular permissions and full audit logs of activities. In addition, Cassie is vigilant and looks for unusual activity, this can then be automatically sent to administrators as an alert.
Case study - The Woodland Trust
Syrenis software is trusted by and powers leading enterprises and governments across the globe