In May 2018, the new European General Data Protection Regulation (GDPR) started being mandatory for all EU companies. Multi-national companies are also expected to comply.

What is GDPR?

The General Data Protection Regulation (GDPR) of the European Union (EU) took effect for all 28 member states on May 25th, 2018. It was approved by the EU Parliament on April 14th, 2016 after four years of preparation. It replaces the Data Protection Directive 95/46/EC and aims to improve the rights of European citizens and residents in terms of the security and confidentiality of their personal information.

The primary aim of the GDPR is to return control of personal data to all EU citizens and residents across the 28 member states. Personal data is defined by the European Commission as being any information that relates to an individual, “whether it relates to his or her private, professional or public life.” This can range from a simple name to comprehensive medical records, from sensitive bank details to posts made on a social networking site. EU citizens will also have the right to access a readable copy of any personal data held by a company, and also the right to be forgotten by that company, if they so choose.

The GDPR has been designed to reconcile the various data privacy laws existing across the EU member states in order to create a comprehensive and unified compatibility of data protection within the EU. Complying with the new GDPR rules will not be particularly easy for many companies. The compliance requirements are strict, fastidious and demanding, but will have to be met by those companies doing business within the EU, regardless of where they are based worldwide.

Multinational companies in the US are seeing the situation as a top priority in regards of data protection, and most are allocating significant budgets, usually in the millions of dollars range, in an effort to be ready and fully compliant with the new data privacy laws when they come into force. Failure to comply could mean a fine equalling 4% of global turnover for companies, and this could run into many millions in most cases.

The GDPR presents huge challenges for companies operating within the EU. Legal and IT departments especially will be tasked to bring company requirements up to scratch in a timescale that is not particularly generous. It is with this in mind that a number of external companies are now offering a range of solutions to some of the problems created by GDPR.

How can Onna help your organization with GDPR?


Real-time search across multiple repositories

Onna is a platform that provides real-time search across multiple repositories. Quickly respond to any subject access request by searching across the sources you have connected to the platform finding all relevant files, fast. Onna automatically processes and indexes all files associated to the source creating a fully searchable environment. Create a central point of information and fulfill GDPR requests efficiently.


GDPR Compliance made easy

Onna is a discovery tool designed to help organizations take control of their information. Files can be exported or downloaded in original format. When exporting files, you can opt to do so along with a file tracking respective metadata to ensure that everything is done in a defensible way.


Know where to find critical data

Thanks to search using regular expressions, Onna can easily extract personal information, such as social security numbers, EU passports, credit card information, and more. Onna identifies where this pattern of information can be found and helps take action.