GDPR Compliance
It's coming May 2018.

We do what you need to be compliant.
How we help you

Are you compliant?

GDPR is the biggest change in data protection regulation in 20 years. It puts up to EUR20 million or 4% of global annual revenue at risk. If you cannot say for sure whether you manage European Union (EU) citizen data within your own databases or on behalf of clients, then you need to take action now even if you are not an EU company.

GDPR compliance starts with getting a hold of where your data across all of your services and ends with being able to control that data and prove that you are controlling it. Ohalo's Data X-Ray helps you establish a baseline of whether or not you have Personally Identifiable Information (PII) within your data sources and if you do, the Data Protection Router helps you maintain control of that data.

Special categories of data (Article 9)

Do you know where all of your sensitive data is across all of the data sources that you control?

Ohalo helps identify special categories of data such as race, gender, religion, and more so that you can be sure to remove the data under GDPR. The Data X-Ray establishes a baseline of where sensitive data is on your systems in one click.

  • Find sensitive data immediately on cloud services that you use
  • Easily report on this to regulators, clients, and auditors
  • Integrates easily with the Data Protection Router
  • Right to access (Articles 13-15)

    Can you provide access to all of a data subject’s data upon request?

    You may hold PII data about customers in multiple databases and at multiple cloud services. This makes time-bound data access requests difficult to fulfill. With the Data Protection Router you know where your data is and can show that data upon request.

  • Queries to multiple datasources simultaneously
  • Easy to install
  • Map data lineage of PII across multiple databases
  • Right to rectification (Article 16)

    Can you update all of the data about a data subject when they ask?

    As with erasure requirements, rectification upon Data Subject request is very difficult even with a small company managing dozens of datasources. For large companies it is even harder. The Data Protection Router allows you to easily request data to be updated wherever data is stored.

  • Find where data is stored
  • Request data to be rectified through the Ohalo app or API
  • Prove it through a blockchain-backed immutable proof
  • Right to be forgotten (Article 17)

    Can you erase data across all of your systems and at third parties with assurance?

    After establishing a baseline of what PII data is where, you can trace where that data has gone with Ohalo's GDPR data lineage tool, the Data Protection Router and request various databases and cloud file storage services to delete that data on your behalf.

  • Hold data no longer or shorter than you should
  • Simultaneous erasure across multiple databases
  • Prove that you have erased data at a certain point in time
  • Transferring data to third countries (Article 47)

    Can you consistently apply the same corporate rules across multiple entities and ensure that those rules are being applied?

    Modern businesses rely on sending data across borders. Unfortunately this got much more difficult with GDPR. Ohalo's Data Protection Router allows you to deploy access controls in a consistent manner and keep track of how data is flowing across different legal entities and third parties, even if they are in different jurisdictions.

  • Smart contract enforced identities linked to legal entities to ensure that you are interacting with the right data source under the right conditions
  • Automatically maintained log of when data was accessed and by who output through a UI or to your own business information (BI) systems
  • Secure from data request to data fulfillment