API Now! GDPR Edition

Make your GDPR compliance simple!

How to be GDPR compliant?

API Now! GDPR Edition, generic and straightforward, is the solution we designed that can be easily implemented to cover your entire application ecosystem.

Since Webellian’s early days, we have always had data privacy at the heart of our business. But, like any company in the world collecting, processing and managing the data of EU residents, we had to be ready to comply with the new European regulation, GDPR. Addressing real-life business scenarios and with common company constraints in mind, Webellian has answered the question of "How to ensure GDPR compliance with a low budget, scalability and extensive adaptability?"

The resulting recipe consists of a simple but powerful solution that is generic and flexible enough to ensure compliance of all our present and future systems. API Now! GDPR Edition, generic and straightforward, is Webellian's proprietary solution that can be easily implemented to cover your entire application ecosystem.

  1. Clear consent

    Collect consent, be able to prove it, and manage it

  2. Privacy and security

    Pseudonymize or anonymize all personal data, encrypt it, and apply industry-standard security

  3. Processes and DPO

    Be aware of the data collected and be able to provide it to the requestor. Have a clear process to alert customers and authorities of a data breach.

  4. Right to access and to be forgotten

    Be able to access and delete personal data at any time (audit trail, rectification, deletion)

  5. Right to data portability

    Be able to provide personal data to a third party in a format "understandable by a machine"

Centralization is the key

Empirical evidence demonstrates that in most cases private data is widely disseminated across the entire company application ecosystem. Even though solutions such as microservices and shared databases intend to reduce the number of applications hosting personal data, most of the time personal data remains scattered across multiple applications, locations, storage devices, and backups. That makes it very difficult to track, secure and delete.

API Now! GDPR Edition mitigates the above by centralizing all identifiable private data in one single place. But it is not just a secured database. The features of the API Now! GDPR Edition toolkit include, among others, securing of data, scalability, improved data visibility, security and portability, with all functionalities available in one place and accessible by your entire ecosystem (e.g. data usage report or private data deletion).

A complete solution

API Now! GDPR Edition aims to address all the challenges around GDPR. But its applicability is not limited to GDPR only. API Now! GDPR Edition enables accommodation of any local regulation, thanks to its flexible and generic concept.

Scope covered

  • a repository of clear and comprehensive information covering all the use cases of personal data usage
  • a tool facilitating consent collection, in line with your Privacy Policy, with opt-in consent for your apps. Under GDPR, consents must be transparent and indicate what data is collected, how it is collected and how it is used
  • a tool to store collected consents (as a GDPR-recognized lawful basis to process the data of a Data Subject), including restriction of processing requests
  • in one central repository (it is easier and cheaper to secure one application rather than many)
  • facilitating subsequent investigation and reporting; only one application needs to be monitored for data breach incidents
  • for each of your applications, and so provide a clear vision to your customer about your usage of his data
  • a register required by Art. 30 GDPR; our tool provides fillable forms, enables real-time updates and is easily accessed and presented to external auditors, higher management and stakeholders
  • API Now! GDPR Edition allows personal data to be permanently deleted or removed from systems when the data is no longer needed for its original purpose or the user withdraws their consent
  • pursuant to Art. 20 GDPR, with API Now! GDPR Edition you will easily present all the personal data in a structured, commonly used and machine-readable format and will be able to provide your customers with a copy of certain personal information
  • for a unique credential for all your applications

Advantages of our enclave

The enclave collects all the personal data. It is highly secured and provides all the functionalities your ecosystem needs to comply with GDPR. It is proven that this solution can reduce by up to 75% the development work to be done on an entire ecosystem.

  • Centralized

    Ease conformity by centralizing private data and consent in one single place

  • Secure storage

    Anticipation and intrusion detection with "ARMOR Anywhere"

    Double encryption system thanks to a customer key

    Shared service, making more complex and expensive security solutions affordable

  • Pseudonymized

    Ensure identity is not revealed when it is shared across multiple apps

  • Scalable

    Flexible implementation to develop functionality and cover further regulations worldwide

How to?

API Now! GDPR Edition comes with a full set of tools to ensure your full compliance with GDPR.

  • Consent.js

    Widget to be deployed on your front-end. Easy to implement, Consent.js enables, across all your applications, all the needed functionalities around consent.

  • Back-end library

    Available in several languages, this library is to be deployed on your server(s); it ensures the communication between Consent.js and API Now!

  • An API

    Powered by API Now!, it allows all the necessary interactions between your system and the enclave to answer all the GDPR challenges.

  • User interface

    Gives you access to all necessary tools to comply with GDPR. It also allows you to configure all the usages of your ecosystem, to offer your end customer as simple a view as possible of the usages he must consent to for a given application.

  1. Deploy Consent.js to front-end
  2. Deploy Consent lib to back-end
  3. Store tokens
  4. Get token user data by logging a usage

API Now! GDPR Edition is available in SaaS, as a shared or dedicated instance, or on premise.

Consent in details

Display the consent and manage usages

  • Gather all usages of your Ecosystem in one bucket
  • Spread usages according to user needs and application functionalities
  • Ensure the usages are always exhaustive and clearly displayed
  • Manage mandatory and optional usages
  • Display a clear consent definition (pop-in, checkbox...)

Store the consent and usages

  • Allow users to edit their data and propagate the changes to the entire ecosystem (rectification)
  • Track data and ease its capture to meet local regulation (portability, processing register)
  • Allow users to delete data at any time (deletion, oblivion)
  • Automate data deletion (e.g. after 3 years for e-commerce)

Collect the consent and usages

  • Ensure consent is collected before processing any data

Keep a record as a proof of consent

  • Allow processing organizations to demonstrate that they have consent from individuals