Almost all banks and insurance companies have started projects aimed at implementing the GDPR. The objective is to have an auditable solution in use by May 25, 2018.
The determination of deletion deadlines is particularly challenging. Various periods, such as legally prescribed retention periods, must be compared so that the final deletion date can be determined. Another consideration is the variety of IT systems that manage personal data.
PPI AG and ACTICO: Block, delete, and pseudonymize data
PPI AG and ACTICO have established a partnership to implement legal and technological re-quirements. PPI provides business consulting including analysis, conceptual design, technical consulting, and project and test management. The ACTICO Rules software provides the basis for technical implementation, supports companies in modeling rules, and monitors the entire process. The result is the automatic identification of candidates for deletion, blocking, or pseu-donymization and up-to-date reporting.
Best practices in retail banking:
ACTICO and PPI AG have a joint pilot customer from retail banking whose implementation of the GDPR has made considerable progress. This customer demonstrates how legal requirements are linked to personal data and products and identified for deletion, blocking, or pseudonymization.
This sets out the strategies and measures that comply with the principles of data protection by design and data protection by default within the meaning of GDPR.