On May 25, 2018, the General Data Protection Regulation, or GDPR, came into force. This regulation imposes obligations related to the protection of personal data on all business entities operating within the EU. How can Blue Prism software robots be helpful here?
Based on the Blue Prism technology, we provide our clients with virtual workforces that perform business processes more cheaply and faster than people. An additional advantage of virtual employees is the fact that they do not make human mistakes and work 24/7.
We are able to teach such a virtual employee to get to any data in any application (without technological limitations) or a web service and perform the activities that result from the business process logic. Thus, we can configure a virtual worker to be automatically activated when an inquiry or request for personal data appears (e.g. by e-mail or via a website), to perform the required actions, and finally to inform the necessary persons about the data activities.
The advantage of this solution is fast implementation time (in a few weeks the automated process is ready for production launch) and cost attractiveness. Every action made by a robot (a virtual workforce) is recorded in the system, so at any time we are able to present a work log for the needs of audits. Automation of processes using software robots does not require changes to existing applications or databases. The work of a virtual employee is also several times cheaper than the work of a human. In addition, the virtual worker does not get bored by the tedious, repetitive and undeveloping work of doing routine tasks. So it can be safely said that virtual employees are a very attractive solution to meet the requirements of the GDPR.
The scope of using virtual workforce (robots) to automate the GDPR processes is quite wide and includes, among others, processes addressing:
• the right to be forgotten
• the right to request a transfer of data
• the right to information about the processed data
• the right to inspect personal data
• the right to object to data processing
Deleting personal data
For the needs of our clients, we teach software robots how to search for specific data in all systems and how to delete all traces of data in systems that are both compliant and non-compliant with the GDPR. The automated process of data deletion includes searching the company’s systems for the location of a given string of customer identification data and their personal data, removing data from each location, informing defined persons and systems about performed activities, and preparing reports for audit purposes.
Analysis and verification of personal data
We teach virtual employees how to verify data regarding granted and revoked consents to the processing of personal data, control the queuing of requests for granting or withdrawal, assign categories, prepare reports on procedures, make changes and check compliance in systems.
Transfer of personal data
The robot is able to pick up a data transfer request submitted on a website or by e-mail, search any digital data, prepare a file with personal data in the indicated format and automatically send it to the required people or systems.
Reporting personal data breaches
The provisions of the GDPR require the data controller to notify the supervisory authority and individuals about the breach of data within 72 hours after receiving information about the data breach. In addition, companies must notify the administrator, without undue delay, after identifying a personal data breach. Notification to data subjects, however, is not necessary if the data controller has implemented appropriate organizational and technical protection measures, which, for example, will encrypt data so that they are illegible to unauthorized persons. These requirements can be transferred to the work of a virtual employee (robot).
Software robots are great for verifying data occurring in many databases, systems, and in many technologies. They will efficiently remove data from various systems, files, directories, archives and prepare and send necessary reports. They will do it quickly, cheaply and flawlessly and without modifying existing systems. That is why they are so widely used, not only to ensure compliance with the GDPR.