GDPR Compliance
The most significant change in data protection regulation in 20 years.
How we help you

Are you compliant?

The General Data Protection Regulation (GDPR) is the biggest change in data protection regulation in 20 years. It puts up to EUR20 million or 4% of global annual revenue at risk. If you cannot say for sure whether you manage European Union (EU) citizen data within your own databases or on behalf of clients, then you need to take action now even if you are not an EU company.

GDPR compliance starts with getting a hold of where your data across all of your services and ends with being able to control that data and prove that you are controlling it. Ohalo's Data X-Ray helps you establish a baseline of whether or not you have Personally Identifiable Information (PII) within your data sources and if you do, the Data Protection Router helps you maintain control of that data.

Special categories of data
(Article 9)

Do you know where all of your sensitive data is across all of the data sources that you control?

Ohalo helps identify special categories of data such as race, gender, religion, and more so that you can be sure to remove the data under GDPR. The Data X-Ray establishes a baseline of where sensitive data is on your systems in one click.

  • Find sensitive data immediately on cloud services that you use
  • Easily report on this to regulators, clients, and auditors
  • Integrates easily with the Data Protection Router
  • Right to access
    (Articles 13-15)

    Can you provide access to all of a data subject’s data upon request?

    You may hold PII data about customers in multiple databases and at multiple cloud services. This makes time-bound data access requests difficult to fulfill. With the Data Protection Router you know where your data is and can show that data upon request.

  • Queries to multiple datasources simultaneously
  • Easy to install
  • Map data lineage of PII across multiple databases
  • Right to rectification
    (Article 16)

    Can you update all of the data about a data subject when they ask?

    As with erasure requirements, rectification upon Data Subject request is very difficult even with a small company managing dozens of datasources. For large companies it is even harder. The Data Protection Router allows you to easily request data to be updated wherever it is.

  • Find where data is stored
  • Request data to be rectified through the Ohalo app or API
  • Prove it through a blockchain-backed immutable proof
  • Right to be forgotten
    (Article 17)

    Can you erase data across all of your systems and at third parties with assurance?

    After establishing a baseline of what PII data is where, you can trace where that data has gone with Ohalo's GDPR data lineage tool, the Data Protection Router and request various databases and cloud file storage services to delete that data on your behalf.

  • Hold data no longer or shorter than you should
  • Simultaneous erasure across multiple databases
  • Prove that you have erased data at a certain point in time
  • GDPR Representatives for organisations outside the Union
    (Article 27)

    Are you based outside of the EU? If so, do you have an EU based GDPR representative?

    You must appoint an EU based GDPR representative if you are i) not established in the EU and ii) subject to the jurisdiction of the GDPR. Ohalo's partner, DPR Group, can provide this service and Ohalo users may benefit from a 15% discount using the code 'OHALO15'.

  • Benefit from DPR Group contact locations in each of the 28 EU Member States
  • House your Article 30 processing records in case of Data Protection Authority requests
  • Provide your customers with a superior experience through a branded landing page and response messages
  • Records of Processing Activities
    (Article 30)

    Can you demonstrate how data is being managed inside and outside the organization?

    GDPR Article 30 is about maintaining a record of Data Subject processing activities. It is a requirement to maintain a record of data lineage across both internal and external systems where a Data Subject’s data may be. Such a record is important to demonstrate the state of data management.

  • Demonstrate exactly how data is being used on a granular level not only within your organization but also at data processors that you work with
  • Ensure that the correct metadata about any data relationship updated over time
  • Plug and play and avoid the need for lengthy negotiations or consortium establishment
  • Transferring data to third countries
    (Article 47)

    Can you consistently apply the same corporate rules across multiple entities and ensure that those rules are being applied?

    Modern businesses rely on sending data across borders. Unfortunately this got much more difficult with GDPR. Ohalo's Data Protection Router allows you to deploy access controls in a consistent manner and keep track of how data is flowing across different legal entities and third parties, even if they are in different jurisdictions.

  • Smart contract enforced identities linked to legal entities to ensure that you are interacting with the right data source under the right conditions
  • Automatically maintained log of when data was accessed and by who output through a UI or to your own business information (BI) systems
  • Secure from data request to data fulfillment