GDPR

Archii GDPR software ad -"I love GDPR"

Enable GDPR compliance automatically

Archii finds personal data in all documents across all destinations - from email attachments to local and cloud storages.

Archii GDPR software ad -"I love GDPR"

Enable GDPR compliance automatically

Archii finds personal data in all documents across all destinations - from email attachments to local and cloud storages.

You must be GDPR compliant before 25 May

Money bag-png icon

Fines are up to €20 millions or 4% of your global turnover. To avoid this, you need to know where your personal data is located?

Network icon

Personal data comes in many shapes and sizes and it's located everywhere in your organization.

Not allowed sign- icon

You either look through each and every document or rely on a company policy that no one ever reads.

Archii GDPR software logo -white

Finding personal data in documents across your entire business

GDPR affects all parts of your business

Finding personal data is not the same across businesses and departments. Thankfully, Archii helps you no matter how and where your work:

Eliminate GDPR tasks and do what you love instead

Being a start-up ourselves, we know that you have plenty of things to do. And GDPR is probably not where you want to spend your time.

Archii finds your personal data, so you can build product, go to market, find investors (and all the thousands of other tasks that are on top of your to-do-list).

Start-up description icon png

Get instant overview of former, existing, and potential employees and their personal data

You probably have job applications lying around that are more than 6 months old. And you probably have employee records that are more than 5 years old. Even though you are not allowed to. But don’t stress about it.

Archii automatically finds your applications, resumés, and CVs and highlights specific sensitive data for you to take appropriate actions.

HR office icon

Be in full control of where GDPR data is located throughout your business

You probably implemented new data policies for saving and storing sensitive data. But how do you make sure that employees follow these? At least you need to know and monitor where your business’ personal data is…?

Archii automates this process for you. You can even do ongoing audits to make sure that employees follow your policies.

Compliance icon

Find sensitive data that got caught in the crossfire

Working with sales – customer data is sent to you on a daily basis. Most likely there is a bunch of personal data in your mailbox that needs your attention even though you have better things to do.

Archii loves to give your mailbox this attention, so you can concentrate on what you do best – selling.

B2C process icon

Automate the search for old personal data

As an IT Manager you probably have to spend endless days on retrieving personal data from old servers. And GDPR is to blame.

Archii automatically finds the personal data in the documents and save you the heartache of going through everything.

IT icon

Be on top of all the data you receive from your clients

Think of all the correspondences between you and your clients. Then think about how much personal data you have received through e-mail. Most likely, not all the sensitive data has made it out your inbox. And most likely, you do not have a proper overview of this data.

Archii finds the high-risk documents for you automatically – leaving you to do consulting and nothing else.

Consultant - icon png

GDPR affects all parts of your business

Finding personal data is not the same across businesses and departments. Thankfully, Archii helps you no matter how and where your work:

Eliminate GDPR tasks and do what you love instead

Being a start-up ourselves, we know that you have plenty of things to do. And GDPR is probably not where you want to spend your time.

Archii finds your personal data, so you can build product, go to market, find investors (and all the thousands of other tasks that are on top of your to-do-list).

Start-up description icon png

Get instant overview of former, existing, and potential employees and their personal data

You probably have job applications lying around that are more than 6 months old. And you probably have employee records that are more than 5 years old. Even though you are not allowed to. But don’t stress about it.

Archii automatically finds your applications, resumés, and CVs and highlights specific sensitive data for you to take appropriate actions.

HR office icon

Be in full control of where GDPR data is located throughout your business

You probably implemented new data policies for saving and storing sensitive data. But how do you make sure that employees follow these? At least you need to know and monitor where your business’ personal data is…?

Archii automates this process for you. You can even do ongoing audits to make sure that employees follow your policies.

Compliance icon

Find sensitive data that got caught in the crossfire

Working with sales – customer data is sent to you on a daily basis. Most likely there is a bunch of personal data in your mailbox that needs your attention even though you have better things to do.

Archii loves to give your mailbox this attention, so you can concentrate on what you do best – selling.

B2C process icon

Automate the search for old personal data

As an IT Manager you probably have to spend endless days on retrieving personal data from old servers. And GDPR is to blame.

Archii automatically finds the personal data in the documents and save you the heartache of going through everything.

IT icon

Be on top of all the data you receive from your clients

Think of all the correspondences between you and your clients. Then think about how much personal data you have received through e-mail. Most likely, not all the sensitive data has made it out your inbox. And most likely, you do not have a proper overview of this data.

Archii finds the high-risk documents for you automatically – leaving you to do consulting and nothing else.

Consultant - icon png

3 easy steps to GDPR compliance

1.
With or without your input, Archii finds person names within your documents.

Archii GDPR software compliance first step

2.
Archii matches all person names with high-risk keywords and personal identification numbers.

Archii GDPR software compliance second step

3.
Archii gives you a full overview of all sensitive documents and their destinations and allows you to request employees to explain or delete high risk documents.

Archii GDPR software compliance third step

Pricing

START-UP

495 DKK

  • Free preview of the results
  • 1-5 users and 1 admin.
  • Access to GDPR templates.

MEDIUM

995 DKK

  • Free preview of the results
  • 6-20 users and 1 admin.
  • Access to GDPR templates.

LARGE

995 DKK

  • Plus DKK 160 per extra user above 20 users.
  • Access to GDPR templates.
  • Demo or preview.

ENTERPRISE

Contact us

  • >50 users.
  • Free demos and test teams.
  • Offer of local server and more admins.

Information about GDPR

What is GDPR

The General Data Protection Regulation (GDPR) 2016/679 is a regulation from the EU on data protection and privacy for all individuals within the EU. Most importantly it sets out requirements for:

  • the handling of personal data,
  • which data is considered personal data,
  • how long you can store personal data,
  • which companies are covered by the regulation,
  • and the remedies available to the authorities.

What is personal data?

Within the GDPR, “personal data” means: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

In plain words, it means that all data that can identify a natural person is considered personal data and has to be handled in accordance with the GDPR.

Identification of personal data

One of the key challenges of the GDPR is to identify the personal data across a company. Especially data that is “unstructured” meaning that it is not in a database. This data is mainly data found in documents. For instance, a CV will most likely contain personal data AND be received by e-mail thereafter to be circulated in the company.

Reports show that your top 5 risk locations are:

  1. E-mails
  2. File storages
  3. ECM systems
  4. Cloud apps
  5. Mobile devices

#1 and #2 locations are un-supervised (and unstructured) locations and mainly rely on individual employees.

What is new about GDPR?

The GDPR replaces the old directive in general and some new or modified concepts are important to highlight:

  1. Increased Territorial Scope (extra-territorial applicability)
  2. Penalties
  3. Consent
  4. Breach Notification
  5. Right to Access
  6. Right to be Forgotten
  7. Data Portability
  8. Privacy by Design
  9. Data Protection Officers

1. Increased Territorial Scope (extra-territorial applicability)

GDPR will now apply to companies in AND outside the EU, if data about EU citizens are handled. If you are a company not established in the EU, it applies where the data activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU.

2. Penalties

A company in breach of the GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).

3. Consent

Consent to handle personal data must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.

4. Breach Notification

In the event of a data breach, you are required to inform the relevant data authority. This must be done within 72 hours of first having become aware of the breach.

5. Right to Access

A data subject can now request access to all personal data concerning said person that is being processed, including where and for what purpose. As a company, you need to provide a copy of the personal data, free of charge, in an electronic format.

6. Right to be Forgotten

The right to be forgotten enables a data subject to require that a company erases his/her personal data, ceases further dissemination of the data, and potentially have third-parties stop processing the data.

7. Data Portability

This is a right for the data subject to require the transfer of his/her personal data to another “controller”.

8. Privacy by Design

If you are building systems, “privacy by design” calls for privacy to be taken into account throughout the whole engineering process. It is not a new concept but has now found its way into the GDPR itself.

9. Data Protection Officers

Certain (and most active) companies will be required to appoint a “Data Protection Officer” (a DPO).

What is sensitive personal data?

Certain personal data types under the GDPR is considered “sensitive data”.

This is defined as personal data revealing:

  • racial or ethnic origin,
  • political opinions, religious or philosophical beliefs, or
  • trade union membership,

and the processing of:

  • genetic data, biometric data for the purpose of uniquely identifying a natural person,
  • data concerning health, or
  • data concerning a natural person’s sex life or sexual orientation.

Handling of such sensitive data is prohibited as a starting point but can be allowed in certain circumstances in accordance with article 9(2) of the GDPR.

Information about GDPR

What is GDPR

The General Data Protection Regulation (GDPR) 2016/679 is a regulation from the EU on data protection and privacy for all individuals within the EU. Most importantly it sets out requirements for:

  • the handling of personal data,
  • which data is considered personal data,
  • how long you can store personal data,
  • which companies are covered by the regulation,
  • and the remedies available to the authorities.

What is personal data?

Within the GDPR, “personal data” means: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

In plain words, it means that all data that can identify a natural person is considered personal data and has to be handled in accordance with the GDPR.

Identification of personal data

One of the key challenges of the GDPR is to identify the personal data across a company. Especially data that is “unstructured” meaning that it is not in a database. This data is mainly data found in documents. For instance, a CV will most likely contain personal data AND be received by e-mail thereafter to be circulated in the company.

Reports show that your top 5 risk locations are:

  1. E-mails
  2. File storages
  3. ECM systems
  4. Cloud apps
  5. Mobile devices

#1 and #2 locations are un-supervised (and unstructured) locations and mainly rely on individual employees.

What is new about GDPR?

The GDPR replaces the old directive in general and some new or modified concepts are important to highlight:

  1. Increased Territorial Scope (extra-territorial applicability)
  2. Penalties
  3. Consent
  4. Breach Notification
  5. Right to Access
  6. Right to be Forgotten
  7. Data Portability
  8. Privacy by Design
  9. Data Protection Officers

1. Increased Territorial Scope (extra-territorial applicability)

GDPR will now apply to companies in AND outside the EU, if data about EU citizens are handled. If you are a company not established in the EU, it applies where the data activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU.

2. Penalties

A company in breach of the GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).

3. Consent

Consent to handle personal data must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.

4. Breach Notification

In the event of a data breach, you are required to inform the relevant data authority. This must be done within 72 hours of first having become aware of the breach.

5. Right to Access

A data subject can now request access to all personal data concerning said person that is being processed, including where and for what purpose. As a company, you need to provide a copy of the personal data, free of charge, in an electronic format.

6. Right to be Forgotten

The right to be forgotten enables a data subject to require that a company erases his/her personal data, ceases further dissemination of the data, and potentially have third-parties stop processing the data.

7. Data Portability

This is a right for the data subject to require the transfer of his/her personal data to another “controller”.

8. Privacy by Design

If you are building systems, “privacy by design” calls for privacy to be taken into account throughout the whole engineering process. It is not a new concept but has now found its way into the GDPR itself.

9. Data Protection Officers

Certain (and most active) companies will be required to appoint a “Data Protection Officer” (a DPO).

What is sensitive personal data?

Certain personal data types under the GDPR is considered “sensitive data”.

This is defined as personal data revealing:

  • racial or ethnic origin,
  • political opinions, religious or philosophical beliefs, or
  • trade union membership,

and the processing of:

  • genetic data, biometric data for the purpose of uniquely identifying a natural person,
  • data concerning health, or
  • data concerning a natural person’s sex life or sexual orientation.

Handling of such sensitive data is prohibited as a starting point but can be allowed in certain circumstances in accordance with article 9(2) of the GDPR.