GDPR Use Cases
Personal Information Provided for Account Opening Process
All customer who opens an account with a bank or financial institution needs to provide personal financial data and contact information upfront. The organization becomes a custodian of this sensitive data and needs to ensure that it is always safe and secure from misuse. The day a customer chooses to close the account, he/she can choose to invoke the Right to be Forgotten. It becomes necessary for the organization to destroy all copies of personal data at the time of account opening. When customers submit information to the organization using the Seclore Data Protection Portal, documents are automatically protected before they reach the organization’s employees. When required, these documents can be inactivated and made inaccessible to everyone in the organization.
Protecting Customer Data Residing in Internal Systems
Customer personal and contact information usually resides in multiple enterprise systems within the organization. Most often, the CRM system maintains a 360-degree profile of the customer that is aggregated from multiple other transactions and analytical systems. The organization has a legal responsibility to ensure this information is secure and always within its control. Data downloaded from any of these applications is the most vulnerable to unauthorized sharing and misuse. With Seclore APIs, any enterprise system can be enabled to protect downloaded files with Seclore. The original application’s permissions will be enforced on the downloaded documents as well. If a user’s access is modified or revoked in the original application, the same will be enforced on the downloaded data. This ‘Policy Federation’ capability ensures that the enterprise application’s security and governance controls are extended to information extracted and shared with anyone, even external partners, and vendors.
Customer Data Shared with External Agencies
Organizations often share their customer data with external agencies who deliver services to their customer base. Sometimes these are value-added resellers, distributors, or service and maintenance services. Customer data is shared with these business partners who need access to it to deliver the service. With Seclore Rights Management, it is always possible to restrict information to be accessed by individuals only to the extent that they need to process the data or deliver the service. It is possible to restrict printing and creating unprotected copies without affecting the normal business process. It is also possible to limit access to a defined period, after which it gets revoked automatically.
Personal Data Shared with Event Planners
Large pharmaceutical companies often have their senior and executive managers attending pharma conferences throughout the year to promote their products and brands. Dedicated event planning agencies and planning services schedule these trips and take care of logistics like visas, ticketing, hotel bookings, etc. Bulk personal information of senior management in the hands of external agencies is a threat to the heavily regulated organization. Seclore Rights Management ensures that all personal information remains accessible only for a limited period and can be retracted as soon as it is completed.
Data Sharing for Overseas Student Exchange Programs
College students who are chosen to attend overseas foreign exchange programs need to share their personal information with the faculty that accompanies them and the overseas institution. This information includes personally identifiable information such as medical records shared with institutions that may be located in under-regulated countries. The educational institution that shares their student’s information is exposed to privacy threats. Personal data protected with Seclore enables the institute to share it with multiple users without losing control. Even data residing on unmanaged networks and devices are safe from misuse and can be revoked at any time.
Obtaining Visas for Employees Through Third Parties
The visa application process for employees traveling to construction sites across the globe is often outsourced to third parties. It requires organizations to collect PII (including passport scans) from their employees to share it with users inside and outside the company. With Seclore, access and usage controls (view, edit, print, share, screen share) can automatically be attached to documents when emailed. Only authorized users can access the document and perform activities. And access can also be set in advance to expire on a specific date or revoked at any time, ensuring data is always under the organization’s control.
