What is GDPR?
What benefits being GDPR compliant bring you?
Some of the main points that are included under GDPR are:
- All EU citizens, regardless of their location, are included.
- All Companies that target EU citizens, regardless of the company location, are required to comply.
- Personal data or information that can be tracked back to the data subject (EU Citizen) need to be accessible to the data subject such as;
- The data subject must be able to easily view the data being kept about them, and change or delete that data at any time.
- It's a regulation, not a directive, so you will need to comply.
- Personal data includes name, address, national ID number, medical records, DNA, IP address, e-mail address, RFID, HR info, and more
But don’t worry, there are benefits to GDPR.
This tool offers more than the classic "black bar" approach, when pdfSweep redacts a file it does a deep removal, meaning that the redacted content will actually be removed entirely from the file.
pdfSweep offers a few ways to do this, by offering the classic API in which you define areas to be redacted or the more recent feature to allow redaction based on regex patterns.
This API allows you to not only retrieve PDF content and its coordinates, but also all kinds of metadata associated with the PDF content, e.g. which font, font size, color, tagging, ... is used on a certain piece of text.
This allows the user to do a thorough analysis of their documents, which supports them in their data retrieval process.
iText 7 Core has several ways of adding metadata to a file and it also allows you to easily change, read, and delete metadata from a file.
In a nutshell, this is adding semantic information on the content of a PDF file, so that a viewer or processor knows what the content is he is processing.
This construct can also be customized to your workflow meaning you could add markers in PDF files to indicate where personal data is located. This in turn can be leveraged when using text extraction for easy retrieval of marked data.
VI. POWERFUL API
But underneath there is an API that allows a user to finetune everything in a PDF file, this is known as the "low level API". We made the conscious choice to offer both ways to create and manipulate PDF files. This low level API enables the power user to fully customize a PDF file to their needs.
Action plan: change your companies mindset and design by privacy
- Check with your management if there is already a plan in place to be compliant with GDPR.
- Explain to them the benefits of being GDPR compliant, if there is no plan in place yet.
- Make a list of all data captured:
- What do you capture?
- Why is it captured? Is this necessary?
- Where is it stored?
- How long is it stored?
- How is it stored? Has it been secured?
- Clearly state your intent and the duration of data storage. There needs to be a clear goal and purpose to the collection of data.
- Ask your data subjects explicitly for consent - allowing you to collect data - and explain that this consent can be withdrawn at any point. Do not use pre-ticked checkboxes, silence or inactivity.
- Create protection for all personal data allowing each data subject to access all data stored about them in a readable, usable format.
- Offer a user friendly way for data subjects to update their data or request removal of their personal data from your database.
- Offer data subjects a way to opt-out if they no longer want to receive updates. Allow them to be forgotten.
- If you are using third party tools, check with them if they are also GDPR compliant.
- Create a breach policy: what to do if there is a breach, who do you contact (who contacts them), and how do you fix it?
Still have questions about PDF solutions for GDPR?
We're happy to help! Send your questions to us, and we'll get back to you a.s.a.p.