Leveraging Data Classification to Enable GDPR/CCDP Data Subject Requests
Regulatory requirements are driving organizations to clearly define processes to manage personal data requests from data subjects [1], which in turn requires clear data classification and disposition controls in the environment. Chief among these regulations is the EU Global Data Protection Regulation (GDPR) but following suit later this year is the California Consumer Privacy Act (CCPA).
A key component of these regulations, with some nuances between them, is to assure data subjects of the control, use, protection and privacy of their personal data. To do this, GDPR empowers data subjects with specific rights. These rights enable data subjects to make specific requests and be assured that their personal data is only used for approved purposes for which it was provided. They include the right to access and rectify data collected on the data subject, the right for erasure of personal data, and the right to object to the data subject’s information being used.
These data subject rights provide the foundation for GDPR and CCPA compliance and an organization, the . . .
[The rest of this blog is continued as a guest blog by GRC 20/20 on the InfoGoTo site]