Meet All Major Compliance Regulation Requirements With Ease
Today, organizations are faced with unprecedented challenges in meeting compliance requirements. Through regulations such as GDPR and CCPA, organizations are now required to maintain stricter policies in how they store, maintain, and transmit sensitive data. Rixon’s patented cloud-based Vaultless Tokenization Platform is designed with both the organization and the data owner in mind.
Rixon Technology addresses this challenge with an unprecedented solution designed to meet today’s strictest compliance and regulatory requirements. Through its patented RtBF and RtBR capabilities, Rixon Technology has delivered the first solution to allow organizations to safely meet all compliance requirements, even the ever-difficult deletion requirements found in CCPA and GDPR. Using an industry-first reversible masking capability built on top of the Rixon Technology cloud-native tokenization solution, organizations can now re-grant their clients control of their own PII. This truly revolutionary concept lets data owners ‘hide’ their PII from the organization holding it, making it completely inaccessible, simply with the flip of a switch.
Why is this so important? It allows organizations to meet the very challenging “right to deletion” or “right to erasure” clause of both CCPA and GDPR.
By using this patented data masking solution, organizations get to define when and how they allow end-users to effectively ‘hide’ their PII and be “forgotten.” This unique capability ensures that the process does not conflict with any business-critical operations while allowing organizations to meet these challenging regulatory requirements.
of organizations named “locating unstructured personal data” as the most difficult issue in responding to data subject access requests (including access, deletion, and rectification requests).
of U.S. organizations named “compliance (beyond the GDPR)” as their highest priority, with only 30% of EU respondents selecting it. – IAPP
of US businesses surveyed said that they won’t be CCPA compliant by January 1, 2020, because they feel it’s too expensive to attain compliance. – eMarketer
Right To Be Forgotten: CCPA Vs. GDPR
CPA Right to be Forgotten:
- An organization is required to delete information that it obtained “from” the end-user. If this data is obtained from other sources, it falls outside the scope of the ‘right to be forgotten’ within CCPA.
- Under the CCPA, an end-user can request that the data be forgotten regardless of the purpose for which the data was originally collected.
GDPR Right to be Forgotten:
- GDPR extends to data collected by the organization from the end-user directly or data regarding an end-user that they acquired indirectly.
- End-users can only request for data to be deleted under six specific circumstances.
- Data is no longer necessary.
- The processing was based solely on consent.
- The processing was based upon the controller’s legitimate interest, but that interest outweighed the data subject’s rights.
- The data is being processed unlawfully.
- Erasure is already required by law.
- That data was collected from a minor as part of offering an information society service