Success Story for Privacy Compliance and Data Protection for Global E-commerce Customer (Anchanto)
The Trust Challenge

Key obligations in brief

Pointer

Data breach notification :- If the businesses suffer data breach, businesses ought to evaluate data inventory on impacted systems to know which customers are impacted and have legal obligation to notify.

Pointer

Compliance with privacy laws :- Singapore where it is headquartered, it has data protection regulation and Anchanto needs to assess obligation towards privacy compliance and implement tools and technologies to implement requirements. Anchanto is operational in various other countries such as Malaysia, Indonesia and entering the European market where stricter privacy regulations are in place.

Pointer

Data transfers (Cross geographic compliance requirements) :- Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection is comparable to the protection under the PDPA, unless exempted by the PDPC.

Pointer

Data retention (Contractual compliance) :- With many customers data retention guidelines are clearly defined in contracts and Anchanto needs to comply with customer data, third party data requirements to take actions like deletion, anonymization. In considering whether an organization has ceased to retain personal data the PDPC will consider the following factors in relation to the personal data.

  • Whether the organization has any intention to use or access the personal data.
  • How much effort and resources the organization would need to expend in order to use or access the personal data again.
  • Whether any third parties have been given access to that personal data.
  • Whether the organization has made a reasonable attempt to destroy, dispose of, or delete the personal data in a permanent and complete manner (Assured Deletion).
The Trust Challenge

Business Problems

With a growing customer base, Anchanto products store personal and supply chain data of customers. In fact, being a B2B business where they do not collect personal data of consumers directly , customer’s customer data (B2B2C) like names, addresses and other personal data fields are stored. Their customers which are businesses often need assurance for security of their data on the platform and also privacy obligations for the same.

Pointer

Data Discovery (Personally Identifiable Information / Sensitive Personal Information / Access & Correction Obligation) :- Know all customer data they manage on the platform (data inventory) to enable them to protect it.

Pointer

Third Party Data Sharing :- Understand data flows across applications and external systems.

Pointer

Data Protection Impact Assessment :- Perform detailed data assessment and create usable data inventory and assess impact of regulatory requirements.

Pointer

Data Retention / Data Deletion :- Business should retain the personal data for only as long as is necessary for business or legal purposes.

Pointer

Data Subject Rights Fulfillment :- Handing Data Subject Requests (referred to as “DSR’s” - correction, updation, deletion, etc.).

Solution (Enable privacy compliance rapidly saving cost of compliance by 75%)

Ardent Privacy’s patented technology “TurtleShield” is an ML and AI-powered enterprise software platform, that helps businesses discover, identify, inventory, map, minimize, and securely delete personal data.

This is achieved by a nimble and oil drilling-like approach to discovery: We created a global map of organizational data, which is subject to “data protection / privacy regulations” and critical to business.

Often there are silos within entities or business and IT teams, and it is challenging to secure a holistic view of the data flow outside the organization and the data flow into the organization, especially when the data is shared with the third parties, like vendors, business partners and many more. We can create a data map, based on the data sharing, to facilitate you to take remedial actions, on the same.

Globally data localization or sovereignty is becoming a standard regulatory requirement. We can create a global data inventory, to facilitate a single pane of glass of personal or sensitive data based on geographies, to enable you to take necessary action on a proactive basis.

This is data hygiene control and we are approaching it from a risk reduction and compliance perspective. We scan large data sets for excess data, using Machine Learning and find out excess data including personal data. This can eliminate operational inefficiencies and save cost by removing the redundant data and legal cost pertaining to regulatory compliance.

Give organizations the ability to comply with obligatory erasure of personal data by allowing them to erase the data on request and validate the deletion.

Search capability in large datasets to fulfill data subject requests and enable it efficiently. The assumption that data only exists in databases and nowhere else is often not a reality, as customer data exists in many sources. Using ML & AI we crawl across data sources and find where PII exists.

Dashboard
Problems Addresses

Featured News, Blogs

Ardent Privacy @ Infosecurity Europe 2024: Security for AI or AI for security?
The 7 principles of Privacy by Design
The Florida Digital Bill of Rights (FDBR): Navigating the New Frontier of Data Privacy

Be the first to catch our latest updates,
happenings and more.

Follow us