...
Navigate to "Manage apps", find the "GDPR Data Protection and Security Toolkit" section, and click on "Data Cleaner" (at the bottom of the menu on the left).
Get to the Data Cleaner Dashboard from the GDPR Data Protection and Security Toolkit Home page: click on the "Data Cleaner" button.
The Data Cleaner Dashboard provides an overview of all created templates with their description and current status, and lets you:
Start or stop search.
Start or stop anonymization.
...
On the Data Cleaner Status and History page, it is also possible to start or stop search or anonymization. To initiate a new task or cancel a currently running one, click the button in the top right corner of the Data Cleaner History page.
If you stop a current anonymization task, the status will be changed to "Anonymization canceled".
If you start a new anonymization task, the status will be changed to "Anonymization started".
If you stop a current search task, the status will be changed to "Search canceled".
If you start a new search task, the status will be changed to "Search started":
...
You can create your own Custom template with different rules, or use predefined templates.
Predefined templates
...
The Data Cleaner module has 100+ built-in patterns: national IDs, SSNs, phone, and credit card numbers for the majority of EU countries.
...
Image: Built-in PII patterns overview in GDPR (DSGVO) and Security for Confluence in Data Protection & Security Toolkit Confluence (DLP)
To use the filter, start typing the name of the country or the personal data type, and the system will automatically show the existing built-in patterns.
...
Choose the preferred option and click "Save". Now your template is ready for use.
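As an added illustration (not the app's own code or its built-in patterns), the sketch below shows how a pattern-based search and anonymization pass of this kind can work, using a Luhn checksum to drop card-number false positives. The two patterns, the function names, and the sample text are constructed for this example.

```python
import re

# Illustrative patterns only (assumption): the app's real built-in patterns
# are not shown on this page.
PATTERNS = {
    # 13-19 digits, optionally separated by single spaces or hyphens
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    # US SSN layout, excluding area/group/serial values that are never issued
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def search(text):
    """Search step: return (kind, start, end) for each validated match."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue        # right shape, wrong checksum: not a card number
            hits.append((kind, m.start(), m.end()))
    return sorted(hits, key=lambda h: h[1])

def anonymize(text):
    """Anonymization step: replace each hit with a typed placeholder."""
    out, pos = [], 0
    for kind, start, end in search(text):
        if start < pos:         # skip a hit overlapping one already replaced
            continue
        out.append(text[pos:start])
        out.append("[%s REMOVED]" % kind.upper())
        pos = end
    out.append(text[pos:])
    return "".join(out)

# Constructed sample page content: one valid test card number, one fake SSN,
# and one 16-digit order reference that fails the Luhn check.
SAMPLE = ("Customer paid with 4111 1111 1111 1111 (SSN 123-45-6789). "
          "Order ref 4111 1111 1111 1112 shipped.")

if __name__ == "__main__":
    print(search(SAMPLE))
    print(anonymize(SAMPLE))
```

Running search before anonymization, as the dashboard separates the two tasks, lets the hits be reviewed before any content is rewritten.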
CCPA and GDPR references
The main GDPR principles include "Data minimization" and "Storage limitation". According to Article 5, personal data must be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)". This highlights the importance of keeping personal data usage under control. In other words, DPOs or other employees responsible for data protection must be aware when such data appear, and must perform and monitor the necessary follow-up activities, such as deleting data (if the data are outdated or no longer required, if the term of storage is over, or if the purpose of data processing is no longer relevant) or notifying employees who are not GDPR compliant and need to address the issue.
The reference to the "right to be forgotten" can be found in Article 17 of the GDPR: "The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies[1]:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1)".
It means that if an EU citizen requests to have their personal data erased, a company should be able to track and delete them within the established time frame unless there are legal grounds to keep this information.
With the help of our app, you can, for example, comply with the following guidelines:
Use case | CCPA | GDPR |
---|---|---|
You, as a business, must delete some kind of personal information according to | Requirement under “right to deletion”: Upon a valid consumer’s request to delete personal information, a business must direct any service provider to delete consumers’ personal information. | Requirement under the “right to erasure” or “right to be forgotten”: Data subjects have a right to request erasure to the controller. Upon a valid request for erasure, controllers are obligated to take reasonable steps to have processors erase data. |