Identify, control and audit the flow of technical documents, to ensure confidentiality and demonstrate EU Data Protection Act Compliance

The European Union (EU) Data Protection Act (Directive) protects worker privacy rights by establishing guidelines to which EU member states must comply when monitoring workforce activity and collecting Personally Identifiable Information (PII). The Directive applies to all “controllers” of personal data by any entity subject to an EU member state’s laws.

The Directive declares, "Member states shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.”

Firms, for example, may collect personal data only for specific, explicit and legitimate purposes, and maintain the data only if it is relevant, accurate and up-to-date. Workers have the right of access to their data, knowledge of where the data originated, and remediation to correct inaccurate data. They may withhold permission to the use of their data in certain situations, and must be given an opt-out procedure. Individuals can have recourse if their data was unlawfully processed.

EU Data Protection Act Compliance Applications

The NextLabs EU Data Protection Compliance solution is a set of applications which include a comprehensive set of pre-built policy libraries and pre-built reports based on the EU Directive guidelines. Policy sets can be easily customized to the environment or used as templates to create new policies. The solution can:

• Identify and monitor access and usage of only those documents critical to legitimate business needs or necessary to detect potential data leakage or compliance violations, in accordance with the Principle of Proportionality underlying EU law.
• Prevent accidental destruction of personal information, and securely destroy personal data when required.
• Identify documents containing personal information, and alert users about policies and procedures for proper handling of private information.
• Manage entitlements to limit access to personnel data on a need-to-know basis.
• Automate information handling to prevent loss and reduce procedural errors.
• Establish information barriers to prevent unauthorized communication of incident data on workers beyond a need-to-know basis.
• Prevent the export of personal information to any non-EU country that does not provide an “adequate” level of data protection.
• Rapidly deploy local policies in accordance with individual EU states to comply with localized rules and enforcement to provide consistent, uniform compliance. 
• Enforce persistent privacy policies on customer or worker personal information when information is distributed to business partners, agents, affiliates and contractors.
• Report on any potential information risks and discover gaps in compliance with personal data protection regulations.