If you’ve read our previous articles about the Rights of Individuals, you already understand that the General Data Protection Regulation (GDPR) requirements cannot be answered with a simple "processing register".

As a matter of fact, this register generally contains only a "simple" business description of the data and their processing: the data values and their multiple locations are never included, so it cannot produce what is called an "individual register", which gathers all the data, processing and applications linked to an identified person.

The challenge for companies is even greater since:

  • It applies to the full perimeter of data concerned by GDPR: structured databases, electronic documents, websites, sounds, still and moving images, printed documents, etc.;
  • It’s not just about taking a "picture" of the situation at time t, but also about continuously maintaining the information in order to be able to answer someone’s request at any moment.

This is an impossible challenge to take up without specialized tools!

The two most common types of data

In most enterprises, the need for identification, localization and classification of personal data mainly focuses on technical environments containing structured data on one hand and texts on the other hand.

Structured data
The main difficulty with personal data lies in the word "data". The term does not refer to the same thing depending on whether you look at data from a "business" or from a "technical" perspective: the business speaks of "data" as "concepts" (e.g. "customer contact information"), whereas technicians use "data" to mean "name", "first name", "address", etc.

Since GDPR is a main concern for enterprises, we advise you to establish the link between the "concepts" defined by business and the technical reality. You first need to create that link, then identify and localize the personal data inside the technical I.S. This "pincer work" (from business to technical point of view) makes it possible to ensure the completeness of the identification results. The same data may be associated simultaneously with a processing operation specified in the GDPR framework or with a data type or application or service, etc.

In order to validate the GDPR compliance of texts, you need to automatically identify all the data relating to individuals and classify them into the different categories provided for by GDPR according to context: you can expect to find medical terms in a medical database but not in an e-commerce or delivery database.

It should be noted that, depending on the needs, the classification system may be extended to categories other than those provided by GDPR.

Available tools

REAL GDPR Software is developed by Rever and its partner GEOLSemantics. The tool covers a very wide range of technical environments and data types: it stores the results it produces, together with all the information needed to find the original source targeted by GDPR. This information is recorded in a database and can then be used by other processes, especially the data extraction processes used to respond to the rights of individuals, as well as all processes involved in personal data protection.

Find out more

Find out how Rever can support you in your GDPR compliance tasks. REAL GDPR Software (RGS) is a complete software suite that allows organizations to implement the instructions set by the European regulation in a flexible and functional way.

Dominique Orban de Xivry