GDPR is proving a significant challenge for organisations. The ever increasing use of personal data has started to attract greater attention from authorities but also even early investors in Facebook as people like Robert McNamee and others are calling attention to the super power of corporations and the misuse of data setting the stage for data collection and use to be more scrutinised over the coming decade.
The fundamental principle underlying the GDPR is that personal data should only be used as necessary for the business relationship or for purpose(s) to which the data subject has expressly consented. There are also requirements governing the length
of time for which data is kept, the rights data subjects have regarding the data, how such data is used and also strictures regarding transfer of data.
Organisations are challenged in the main by two things:
Knowing where personal data is within the organization at every point in time and to whom it has been transferred (and the circumstances/agreement regarding such transfer); and
their ability to technically comply including their ability to delete data at any given point (and in particular in compliance with timeframes set by the Anti Money Laundering Directives) and their ability to manage data subject rights and ensure they can trace and evidence data use and transfer within the organization.
IAMAML enables resolution of the technical issues in 2) and for such personal data as is put through the system to be tracked.