GDPR Data Protection Solutions

 


What is the GDPR?

The General Data Protection Regulation (GDPR) is a privacy law established by the European Parliament to increase security for the personally identifiable information (PII) of EU citizens. Its objective is to return control of personal data to individuals, and to facilitate international business by creating a standard for PII treatment across the EU. The regulation came into full effect on May 25th, 2018, and is serving as a model for similar privacy laws around the world.

Some notable aspects and impacts of the law include:

  • Mandatory appointment of Data Protection Officers for corporations that collect, process or store PII as core activities
  • Notification of a supervisory authority after a breach of personal data (typically not more than 72 hours after the breach was realized)
  • Encourages pseudonymisation (rendering data anonymous or the subject unidentifiable) of personal data assets
  • Supports data minimization rules and the right to erasure ("right to be forgotten") from data collections / searches
  • Provides for data portability so people can move their information from one provider to another, and rectification so their data can be corrected

Of these, "the concept of personally identifiable information [PII] lies at the core of the GDPR," writes the International Association of Privacy Professionals (IAPP). From the GDPR, IAPP specifically refers to Recital 75, which instructs controllers to "implement appropriate safeguards to prevent the 'unauthorized reversal of pseudonymization.'"

To mitigate the risk of data breaches and non-compliance, data "controllers should have in place appropriate technical (e.g., encryption, hashing, or tokenization) and organizational (e.g., agreements, policies, privacy by design) measures separating pseudonymous data from an identification key."
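The separation of pseudonymous data from its identification key, as described above, can be sketched in Python. This is an added example, not IRI code: the function names and sample records are hypothetical, and HMAC-SHA256 stands in for whichever keyed tokenization a controller actually uses. It also shows why an unkeyed hash gives no such separation: anyone holding a list of candidate identifiers can recompute it.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; the e-mail addresses are made up.
RECORDS = [
    {"email": "anna.schmidt@example.com", "plan": "pro"},
    {"email": "luc.martin@example.com", "plan": "free"},
    {"email": "anna.schmidt@example.com", "plan": "pro"},
]

def unkeyed_pseudonym(value: str) -> str:
    """Plain SHA-256: anyone can recompute it, so there is no key to separate."""
    return hashlib.sha256(value.lower().encode()).hexdigest()

def keyed_pseudonym(value: str, key: bytes) -> str:
    """HMAC-SHA256: the token cannot be recomputed without the secret key."""
    return hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()

def pseudonymize(records, key: bytes):
    """Return (masked records, lookup table). The key and lookup table are the
    identification key material and must be stored apart from the masked data."""
    masked, lookup = [], {}
    for rec in records:
        token = keyed_pseudonym(rec["email"], key)
        lookup[token] = rec["email"]
        masked.append({**rec, "email": token})
    return masked, lookup

def match_candidates(tokens, candidates, tokenizer):
    """Return the candidate identifiers whose token appears in the data set.
    A non-empty result means the scheme can be reversed by recomputation."""
    seen = set(tokens)
    return {c for c in candidates if tokenizer(c) in seen}

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: held in a KMS/HSM, not with the data
    masked, lookup = pseudonymize(RECORDS, key)
    for row in masked:
        print(row)
```

The keyed tokens stay deterministic, so joins and counts on the masked column still work, while re-identification requires access to the separately held key or lookup table.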

GDPR Compliance Software

With these regulations, protecting PII is not just a good way to safeguard your company's reputation, it's key to your bottom line. Penalties for non-compliance are severe: up to €20,000,000 or 4% of the previous year's worldwide turnover, whichever is greater. Proactive compliance with GDPR law will help protect the data, and proof of that compliance can provide a buffer against sanctions.

For GDPR compliance, as with other data privacy laws worldwide, it is important to have a powerful and extensible technology solution to protect PII. Proven PII discovery and de-identification software in the award-winning:

  • IRI Data Protector Suite, which includes three static data masking (SDM) products -- called IRI FieldShield, DarkShield, and CellShield -- for finding, classifying, extracting, erasing, and otherwise anonymizing (or correcting) PII in structured and unstructured sources through multiple functions like pseudonymization, deletion, encryption, and redaction, plus the ability to deliver data [via search of the above] to comply with portability and rectification requirements, and score re-identification risk and anonymize quasi-identifiers to comply with Article 29 provisions.

and,

  • IRI Voracity data management and governance platform, which bundles all three SDM (shield) products above with data integration, migration, cleansing, reporting, and analytics ...

deliver the rule- and role-based data-centric audit and protection capabilities you need to achieve and prove compliance with the most critical GDPR provisions, especially those involving data pseudonymization and encryption or other anonymization methods involved with PII data masking for GDPR compliance.

The PII discovery and masking capabilities in IRI GDPR solution software work across any database and legacy / document file format -- as well as image and audio files -- on premise or in your cloud (not ours!). Data never leaves your firewall or domain.

Affordable licensing, implementation, and support services for GDPR data protection are available from authorized IRI representatives throughout the EU and beyond. IRI has also partnered with GDPR Local in the UK to provide a more comprehensive assessment service and remediation solution for companies who need full documentation of GDPR-compliant processes and protections.

Frequently Asked Questions (FAQs)

1. What is the GDPR and why was it created?
The General Data Protection Regulation (GDPR) is a European Union law designed to protect the personal data of EU citizens. It was created to give individuals more control over their data and to establish a uniform data privacy framework across the EU.
2. What types of data are protected under the GDPR?
The GDPR protects any data that can directly or indirectly identify a person. This includes names, email addresses, identification numbers, IP addresses, and biometric or genetic data.
3. How does GDPR affect businesses outside the EU?
Any organization—regardless of its location—that processes or stores personal data of individuals in the EU must comply with the GDPR. This includes businesses offering goods or services to EU residents or monitoring their behavior.
4. What are the penalties for non-compliance with GDPR?
Fines can reach up to €20 million or 4% of the company’s global annual revenue, whichever is greater. These penalties apply to violations such as failure to protect data, delays in breach notification, or lack of proper consent.
5. How can businesses comply with the GDPR’s “right to be forgotten”?
Businesses must have the ability to locate and erase personal data upon a valid request. IRI tools help automate this process by discovering, masking, or deleting data across structured and unstructured sources.
6. What is pseudonymization, and how is it used under GDPR?
Pseudonymization is a method of de-identifying data so that it cannot be linked to a specific person without additional information. The GDPR encourages pseudonymization as a safeguard for privacy and data minimization.
7. How does IRI help organizations find and classify PII?
IRI’s FieldShield, DarkShield, and CellShield tools use built-in and customizable search patterns to locate and classify sensitive data across databases, files, spreadsheets, and document formats. This discovery process is essential for GDPR compliance.
8. What masking techniques does IRI offer to support GDPR?
IRI tools support multiple de-identification techniques, including:
  • Encryption and pseudonymization
  • Redaction and deletion
  • Blurring, hashing, and bucketing
These techniques help protect data while preserving analytical utility.
9. Can IRI tools prove GDPR compliance during audits?
Yes. All masking jobs are self-documenting, producing scripts and XML audit logs that show what protections were applied, who ran them, when, and where. This traceability supports GDPR Article 30 recordkeeping requirements.
10. How does IRI support GDPR’s data portability and rectification rights?
IRI software can extract and reformat personal data into standard delivery formats, enabling compliant responses to data subject access requests (DSARs). It also allows corrections to be made across data sources.
11. Can IRI’s GDPR solutions work with unstructured or legacy data?
Yes. IRI tools can process personal data in unstructured formats such as PDFs, DOCX files, emails, and even images or audio files. This includes legacy data that may reside in older systems or formats.
12. How is re-identification risk measured in IRI’s GDPR tools?
IRI FieldShield includes a re-ID risk scoring module that calculates the likelihood of re-identification from quasi-identifiers. It allows users to apply further anonymization (like bucketing or noise injection) to reduce that risk.
13. Can IRI solutions run on cloud environments?
Yes, IRI software runs in your cloud infrastructure or on-premise servers. Your data stays within your domain—IRI does not host or process your data in third-party environments.
14. How can IRI support companies across Europe?
IRI offers affordable licensing and implementation through partners across the EU. For UK-based organizations, IRI also partners with GDPR Local to provide full GDPR compliance assessments and remediation documentation.
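
For question 12 above, one common way to estimate re-identification risk from quasi-identifiers is the size of each record's equivalence class, in the style of k-anonymity. This is an added example, not IRI code or IRI's scoring method: the sample rows are constructed and the function names are hypothetical. It shows how bucketing, followed by suppression of the remaining small classes, lowers the score.

```python
from collections import Counter

# Constructed sample rows: (postal code, birth year, gender) are quasi-identifiers.
ROWS = [
    ("10115", 1984, "F"), ("10117", 1986, "F"), ("10119", 1981, "F"),
    ("10115", 1992, "M"), ("10117", 1995, "M"), ("10119", 1998, "M"),
    ("80331", 1975, "F"),
]

def bucket(row):
    """Generalize quasi-identifiers: 2-digit postal prefix and birth decade."""
    postal, year, gender = row
    return (postal[:2] + "***", year // 10 * 10, gender)

def risk_report(rows):
    """Per-row risk is 1 / size of the row's equivalence class (rows sharing
    the same quasi-identifier combination); k is the smallest class size."""
    sizes = Counter(rows)
    risks = [1 / sizes[r] for r in rows]
    return {
        "k": min(sizes.values()),
        "max_risk": max(risks),
        "avg_risk": sum(risks) / len(risks),
        "unique_rows": sum(1 for r in rows if sizes[r] == 1),
    }

def suppress_small_classes(rows, k):
    """Drop rows whose equivalence class is still smaller than k after bucketing."""
    sizes = Counter(rows)
    return [r for r in rows if sizes[r] >= k]

if __name__ == "__main__":
    bucketed = [bucket(r) for r in ROWS]
    print("raw      ", risk_report(ROWS))
    print("bucketed ", risk_report(bucketed))
    print("k>=3 only", risk_report(suppress_small_classes(bucketed, 3)))
```

Bucketing alone still leaves one unique row in this sample, which is why the maximum risk, not the average, is the figure to watch.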