In response to the GDPR European Privacy Act, which was introduced on May 25, 2018, we are pleased to introduce “GDPR Risk Management” and “Post Drafts” functions.
A. Collavate European Privacy Protection – GDPR Risk Management Function
The General Data Protection Regulation (hereinafter referred to as “GDPR”) is a very strong privacy protection law that applies to all companies, even if the company is not located in the EU.
Additionally, if your company has personal information about citizens in EU or even people living in Europe in general, GDPR is a major concern for you. In particular, the penalty for violating GDPR is about 20 million Euros or four percent of your company’s worldwide annual turnover (whichever is larger will be your fine), which poses a serious risk to your company.
We added a flag to allow users to see which files contain secure personal information that meets European GDPR regulations.
How you can utilize GDPR:
Collavate’s European Privacy Protection GDPR Risk Management provides the following four functions:
1. There are three levels of GDPR Risk that can be applied to files containing private information. The higher the level, the more sensitive the information.
2. You can record and share all information collected from individual documents or files.
3. Once applied, GDPR expires based on your company policy. Documents and files whose shelf life has expired is managed separately, so they eventually will be permanently deleted.
4. [Collavate DLP] If you are using real-time DLP (Information Leakage Protection), you can automatically detect documents and files that contain personal information, and automatically set the GDPR risk level and distribution period.
4. [Collavate DLP] If you are using real-time DLP (Information Leakage Protection), you can automatically detect documents and files that contain personal information, and automatically set the GDPR risk level and distribution period.
1. How to Enable GDPR Risk Management Function
You can use the GDPR feature if you have the Collavate Business edition. To turn this feature on, go to the ‘European Privacy GDPR Risk Management’ submenu in the Collavate admin settings.
The default expiration date, which is automatically assigned when applying for the GDPR risk level, is typically 2 years in Europe, but you can set another period according to your company policy.
In addition, you can store personal information for EU GDPR regulations.
2. Personal information risk level management
There are three privacy risk levels provided by Collavate:
Level 1 Indirect Personal Information: Relatively less sensitive, anonymized personal information rather than direct personal information
Level 2 Direct Personal Information: Information that can be personally identified, such as first name, last name, address, email, etc.
Level 3: Very sensitive personal information such as: social security number, account number, blood type, health information, credit cards, etc.
In the case of ‘sensitive personal information’ corresponding to the risk level 3, it is a good idea to lower your risk by making this sensitive personal information (level 3) as anonymized (level 1) as possible.
3. Record and share on the basis of collected personal information (consent history, etc.)
Collavate provides an internal comment feature that allows you to easily notify other users about the risk level as shown below.
Collavate provides the ability to (1) record the collection of files and documents containing personal information and (2) share it with colleagues.
The most important factor of the GDPR regulation is whether the documents containing personal information are collected with the permission of the personal information provider.
Therefore, you must record your consent history when collecting personal information. However, many documents are shared between people, therefore, owner, collaborators, and viewers can be different.
For example, if you collect personal information at the venue of the marketing department with the individual consent of the attendees, and this document is used by the customer’s sales department.
In this case, the personal information collection history is known only to the marketing department.
4. Expiration Date for GDPR
The GDPR regulation policy requires an “expiration period” for personal information. In other words, if you no longer need to use personal information, we will guide you to actively delete and destroy those documents and files in your company.
With Collavate, you can automatically manage internal expiration dates for individual documents and files.
That is, the default GDPR distribution period set by the primary collector is activated at the moment the user applies the GDPR risk level to the file. If necessary, the user can easily change the validity period of the file as shown on the screen.
Changes in expiration dates, including the GDPR risk level, are recorded in the activity history of the callback file, and the history is shared among the person(s) who can view the file.
5. Collavate DLP – Apply GDPR
If you are using the COLLAVATE DLP ‘Corporate Information Leak Detection Function,’ you can automatically assign the GDPR level and expiration date. The following screen shows that Collavate DLP will apply GDPR to the file if the file contains: Phone number, credit card number, or social security number.
In other words, when a keyword or regular expression (such as a credit card number, social security number) related to privacy is found in the contents of a document or file, the GDPR risk level and default expiration date will be assigned in addition to the DLP automatic isolation process.
B. Collavate Post Draft Function
If you write a post in Collavate, it will be automatically saved as a draft every 5 seconds, even before you decide to submit the post.
This saved post will appear in the ‘Draft Post’ menu under the Home submenu. If you write many posts at the same time, each post is saved as a draft, so you can post the draft at any time.
In addition, when you publish draft posts as shown in the screen below, you can select existing groups and decide to post to the selected group.
C. Additional Updates
The mobile web mode Collavate home menu has been moved from the existing bottom position to the left hamburger menu. The post draft feature is expected to be very useful for mobile Collavate users.
