Frequently Asked Questions
Frequently asked questions regarding privacy regulations and our DataBench Platform
Modern privacy regulations are very broad and cover many areas, such as breach notification, security practices and privacy by design. The DataBench platform helps to discover and map where privacy data resides across vast databases and storage systems, and then to automate and streamline the area of Individual Rights: the rights of a person to request to see, change or remove the data a company is tracking on them, and to exercise control over that data. Privacy data is one of the main areas of exposure to a company and serves as the primary entry point for complaints and fines if not handled properly. Storing privacy data also opens the organisation to risks of cyber-attacks and data breaches, so it is important to secure privacy data and execute Individual Rights properly and, to the degree a company receives many Requests, to be able to do so at scale.
No, the GDPR Regulation within the European Union applies to any company located anywhere in the world where that company is tracking information on EU citizens. Similarly, California’s CCPA Regulation applies to any company with global revenues greater than US$25M/year, or that tracks the information of over 50,000 Californian citizens, or that makes over half of its revenue by selling that data. If, as your business grows, you start to take on customers who live in jurisdictions outside of Australia or New Zealand, then toggle on the applicable country regulations within the DataBench platform to allow those individuals to exercise their local country Rights.
Any information that can identify a person directly or indirectly constitutes Personal Data / Personal Information. Such data can range from artifacts that include banking information (such as credit cards, bank accounts), medical records, social security data (such as passport details, driver’s licence, tax file number) and social media data, right down to a computer’s IP address. The handling of public data, private data and work data is all covered under the respective Regulations.
These Request Types refer to the new requirements under privacy regulations that allow an individual (the Data Subject) to request to see the data that a given company is tracking on them. This includes a very broad set of data tied to that person’s identity in your systems, like website visits, shopping history, demographic information, etc. For most companies, this data resides in multiple back-end systems that may be located across multiple cloud-based storage systems and internal systems. Companies have 30 days under the APP (Australian Privacy Principles) or 20 days under the NZ Privacy Act 2020 to compile this information and deliver it to the requestor in a format that is understandable. Further, a Data Subject can also ask for that data to be deleted from all systems, or for it to be modified, or for it to be provided in an exportable format, depending on the Regulation applicable to their jurisdiction.
Yes, the DataBench platform will comply with all jurisdictions to provide compliant Data Subject Access Request fulfillment whether the Request is from the authorised individual or their agent. Where an agent provides the Request notification, the DataBench platform can validate the agent’s credentials (such as legal representative, Power of Attorney) prior to fulfilling the Request.
The DataBench platform can interact with any system capable of supporting an API (Application Programming Interface). The DataBench platform uses over 100 pre-built Connectors to most popular CRMs, ERPs, marketing tools, HR Tools, etc. For systems where the DataBench platform does not have a pre-built Connector, we use a flexible API builder that includes standard components like error checking, caching, retries etc.
Yes, the DataBench platform can connect to virtually every type of data system. We have ready-made connectors available for many commonly used data sources, and we can create customised solutions using RESTful API interfaces, file exchanges, direct-to-database connectors or, more commonly, a remote software agent to connect to internally developed systems.
In many organisations, legacy applications or printed materials have no possibility of an API connection. In these cases, automation might not be possible. However, the DataBench platform can automatically create a manual Task for your team members to undertake when it is necessary to interact with such data sources.
Yes, the DataBench platform can integrate with your current ticketing / help desk systems and action the results in a fully automated fashion without interrupting your current organisational workflows.
The DataBench Framework Assessment Module includes privacy impact assessments, vendor assessments and NIST / ISO assessments based on the jurisdiction. There is also the capability to define custom-specific assessments and report on these.
The DataBench platform supports regulations for Australia, New Zealand, GDPR as well as US States (California, Nevada, Utah, Connecticut, Colorado, Virginia), Canada (PIPEDA and Quebec), Dubai (MENA) and others. We continuously keep the jurisdictions up to date and, as more regulations arise, we add these at no additional cost to our customers.
Although savings brought about by automation will be specific to each organisation, it can be expected that medium-sized organisations could annually save up to $500K and large organisations could save well over $1M by leveraging the automation and processing efficiencies / accuracies of the DataBench platform.
The DataBench platform provides the Requestor with a Data Subject Portal where individuals (or their authorised agents) are guided through options to help them formulate their Request. Your customers do not need to be knowledgeable about the Regulations, but their Requests are properly structured so you can act on them easily and quickly without having to interact with the Requestor.
The DataBench platform leverages a secure, immutable ledger to log and timestamp all system interactions and changes associated with the Subject Access Request (SAR) operation, including requests, task assignments and task fulfillment. We provide simple graphical reports with flexible filters so you can see and create reports quickly for internal or external purposes such as for audits or legal defence.
The DataBench platform will create common reports that meet APP and NZ Privacy Act 2020 compliance requirements (or those of any other supported jurisdiction), such as average time to complete requests, number of open/closed requests, etc. We also provide complete reporting for any transactional element in the platform, such as when a request is accepted or completed. We also provide system reporting for connections that are managing processes and length of time to process. All reporting can be easily exported to spreadsheets or reporting tools, and these reports are provided at no additional cost to our customers.
Yes, the DataBench platform is provided on our secure, multi-tenant SaaS solution hosted from our Sydney-based datacentre, but it can also be deployed within a company’s own datacentre (on premise) or within their cloud instances. The DataBench platform is built on Kubernetes and can manage and maintain remote installations while keeping your data secure on your infrastructure.
Yes, some organisations do not require automation as they get very few Requests, or they have very few back-end systems which hold personal data. These companies can still use the DataBench secure portal, task management system, logging, and reporting engine without any connected data sources, whilst supporting manual responses to SARs. This is a cost-effective and more compliant alternative to receiving SARs through an email alias or a simple web form, or trying to manage your privacy compliance through spreadsheets. And should you start to receive a lot of SARs, it’s an easy upgrade to start adding automation to the system.
The entire platform is built for variable enterprise requirements and stringent security standards and is driven by a flexible set of APIs so it can be largely tailored to your specifications. We provide support for implementation, set up and customisations and these are billed as Professional Services. We can also tailor training for your staff around your specific customisations.
The DataBench platform sends verification links to any emails or SMS endpoints provided by the Data Subject before a Request becomes ‘verified’ and actionable. The DataBench platform can incorporate many additional verification methods, including integration with 3rd-party verification tools and with your own authentication systems for your customers and employees. The DataBench platform also offers you the option of requiring the Data Subject to upload ID to assist in the validation process.
As a guideline, if your business has grown to 10 or more back-end data systems that contain privacy data AND you get or plan to get at least one Subject Access Request per week, then you should consider some level of automation. Back-end systems include CRMs, ERPs, billing systems, help desk and ticketing systems, marketing systems, analytics, e-commerce, applicant tracking systems, payroll systems and more. The first level of automation should cater for validating identities, validating requests, generating tasks, logging, and reporting; this will cut 20-30% of your operational overhead without any systems integration required. The next level of automation is the information gathering and compiling stage, which should cut another 30-40% of your overhead and will require simple data ingestion integration to your systems. The last level of integration is to fully automate changes to back-end systems; this requires more integration effort but will help you achieve a fully automated, self-service experience for your customers and employees.