Are you a mechanical engineering company, an automaker or a medium sized industrial company? The industrial sectors processes personal data on a large scale. It is not just about the data of customers, suppliers and employees, it is also about the machine data, which can contain a reference to a person. Such a reference does not seem to exist at first. However, the GDPR defines personal data as "any information relating to an identified or identifiable natural person; a natural person is considered as being identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified ".
If machine data contains location data or other unique identifiers such as the machine name and these unique identifiers can be referenced to persons such as the machine operator or support technician, one must ensure compliance with the applicable data protection laws. If a personal reference can be derived from machine data the GDPR may apply. Machine data can be used to gather information about people which may allow e.g. for a behavioral and performance analysis. The number of such processes, in which machine data or device data can have a reference to a person, are substantial. In particular since the Industrial Internet of Things and Industry 4.0 have significantly increased data creation and collection.
On receiving a data subject access request, industrial companies must go through a (currently purely manual) process and look for possible personal data. Against the background of the new rights of data subjects, companies in the production industry should prepare by automating these processes.
As an industrial company you want to receive the request as standardized and automated as possible. The DataProtectionMS platform generates the necessary input forms for you, which can easily be integrated into your existing website or other web-based portals.
The frontend receives the request from employees, customers, suppliers and other stakeholders. Depending on the requirement, a form can be used for all groups or forms can be generated which are adapted to specific groups (for example, employees) .
The DataProtectionMS dashboard gives you a quick overview of the pending requests, their processing time, and the status of your compliance. This means that the management, the data protection officer and the compliance officers are always in a position to provide information about the company´s conformity with Article 15 of the GDPR. By means of an export function, the data protection authorities can be given fast and transparent information for audit purposes. Long-lasting coordination processes and on-site checks can be avoided.