Convercent’s Compliance Solution for the GDPR

Finding Fidelity

BIG DATA LEGISLATION CHANGES WENT INTO EFFECT ON MAY 25, 2018… IS YOUR COMPANY COMPLIANT?

The Global Data Protection Regulation (GDPR) represents the most sweeping change to data legislation in decades, designed to protect citizens’ rights. While the new requirements originated in the EU, the impact is global.

GDPR applies to ALL companies processing the personal data of EU citizens – including third-party vendors – regardless of the company’s location.

Now, thousands of global organizations are required to comply with these new regulations, which affect how personal identifiable information (PII) is obtained, used and protected.

It’s a big change for any global organization, but with the right tools and capabilities, your program can continue to thrive.

UNDERSTANDING GDPR REQUIREMENTS

Ethics and compliance programs need to be aware of 4 important areas covered by the GDPR:

Privacy by Design

  • Data protection must be included from the outset of system designs, rather than as a late addition.
  • Access and changes to PII must be tracked.
  • Restricted access on any sensitive PII must be included.
  • Minimum data, crucial for whistle-blower hotlines, can be held and processed when absolutely necessary.

Consent

  • Must be provided in an intelligible form using clear and plain language.
  • Easily accessible – not buried in an employment contract.
  • Easy withdraw of consent must be available.

Right to Access

  • An employee/reporter can get confirmation on whether their personal data is being processed, where and for what purpose.
  • Copy of personal data in electronic form must be provided, free of charge, upon request.

Right to be Forgotten (aka Data Erasure)

  • At request or after withdrawing consent, personal data will be erased, further dissemination of the data will cease and, potentially, third-parties will stop processing the data.

CONVERCENT’S SOLUTION TO THE GDPR

Our new offerings will enable customers to comply without sacrificing the fidelity of their valuable data history.

Philip Winterburn, Chief Product Officer at Convercent

Convercent’s new enhancements are integrated directly into the existing Ethics Cloud platform, designed to target the biggest challenges of GDPR compliance.

Data Owner

Fidelity

Convercent is loyal to our customers and that means finding solutions for changing regulations. With the GDPR, organizations are required to remove PII at the data providers’ request.

Using Convercent’s new features, customers can redact only sensitive information subject to GDPR, while preserving important context and maintaining overall data fidelity.

Flexibility

Convercent is committed to providing ongoing innovation for global customers, which means enhanced GDPR capabilities regardless of size or industry. Not only is Convercent providing solutions for GDPR compliance, but these new features have been implemented with unmatched flexibility and customer control.

Redaction

The GDPR introduces the right for individuals to have their persona data erased under the Right to be Forgotten principle. While compliance is mandatory, losing surrounding data can hurt a program’s ability to identify patterns and potential hotspots where attention may be necessary.

Convercent’s new Redaction capability allows customers to erase PII and replace it with black marker within the Convercent platform. With this tool, analytics can still be performed on this issue reported, but all confidential PII information is hidden.

COMPLYING WITH THE RIGHT TO BE FORGOTTEN

GDPR gives individuals the right to have their personal data erased. While this “Right to Erasure” does protect the individual, compliant organizations, unfortunately, run the risk of losing precious historical data.

The lost data can be critical for future analysis or investigations. Erasing the PII of an individual is not problematic, but losing the data around reporting could allow for slips in your program. Compliance needs to be especially careful about their retention of data related to whistleblowing reports under GDPR.

Luckily, Convercent has added new features that let customers stay GDPR compliant without losing critical, historical data.

Erasing personal data can make it harder to conduct investigations, establish patterns of behavior and keep track of past issues.

Katie Smith, the Chief Ethics and Compliance Officer at Convercent

Read the full article: “The Morning Risk Report: GDPR Compliance Could Hamper Internal Probes” in The Wall Street Journal >>

PRESERVING THE RIGHT TO ACCESS PERSONAL DATA

Often times, data subjects are unaware of…

  • What personal data is being collected?
  • Where personal data is being collected?
  • How personal data is being used?

Part of the expanded rights of data subjects outlined by the GDPR is the right to obtain confirmation (free of charge and in electronic format), as to whether or not personal data concerning them is being processed, where it is being processed, and for what purpose.

This marks a dramatic shift in data transparency, and also brings to light potential consequences for HR and whistleblower hotline-type data processing. For example…

By exporting Convercent’s oData reports, a company can find cases where an employee is listed as a reporter (when reported with full disclosure of contact information) or as an involved party, with all their policy attestations, and course completions, as well as employee/HR data being stored in Convercent.

MEETING THE PRIVACY BY DESIGN REQUIREMENT

Convercent’s Ethics Cloud platform enables global companies to comply with GDPR regulations without compromising the integrity of the overall case and campaign data which is essential for a successful compliance program.

Michael Rasmussen, industry pundit with GRC 20/20

GDPR demands that data protection can no longer be an afterthought when creating systems for assessing, editing and deleting personal data.

Convercent meets the “Privacy by Design” requirement by providing data protection from the outset of design in our platform. Specifically, measures for restricted access in data redaction have been carefully and thoughtfully implemented within the Ethics Cloud Platform:

  • Access Personal Identifiable Information while tracking changes – whether an edit or a redaction.
  • Activate redaction licensing is available as a system setting.
  • Limit redaction access by role.
  • Assign redaction capabilities for individuals with specific roles.

In short, Convercent’s platform gives customers the ability to easily track changes, control access, and manage personal data through the design and development of new products and services.

Additionally, Convercent’s Audit Program maintains a record of redaction events, while removing any historical reference to personal information.

LEARN MORE ABOUT CONVERCENT’S PRODUCTS

CONVERCENT’S SOLUTION FOR THE GDPR = YOUR OPPORTUNITY TO OPERATIONALIZE ETHICS

With these additional regulations and requirements, your business has the opportunity to operationalize ethics and compliance as a mainstay within the company. By putting these values first, companies are showing their customers and employees how important they are to the company at large.


Watch this webinar for practical guidance on how to make GDPR compliance efficient, effective, and agile in your dynamic and distributed business environment.

WATCH NOW

In this free eBook, you’ll find an overview of the GDPR regulation along with necessary steps for complying, and an introduction to the tools that make it simple.

DOWNLOAD NOW

This easy-to-follow Q&A eBook explains how the GDPR affects your business and what you can do to meet the requirements outlined in the 9 principal changes.

DOWNLOAD NOW

DISCLAIMER: This website is neither a magnum opus on EU data privacy nor legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand how Convercent has addressed some important legal requirements. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.