R E G U L A T O R Y C O M P L I A N C E
Enabling Technologies for Financial Services
AMLInfo a CubeIQ Limited Division
Welcome to AMLInfo Web Site for Regulatory Compliance Technology - AML & Compliance Products and Services.
>> PCS™ GDPR Compliance™
PCS™ GDPR Compliance Application [R01]
General Data Protection Regulation
The General Data Protection Regulation – GDPR, Regulation (EU) 2016/679 of 27 April 2016 is a European Regulation (Law) on natural persons - individuals data protection and privacy in the European Union (EU) and European Economic Area (EEA). The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business.
The regulation applies to all Legal Entities of any form established or operating in the EEA and to all Legal Entities outside EEA that process Personal Data, including just storage of such Personal Data, of individuals (or Data Subjects) located in EEA, regardless of their citizenship. The regulation addresses also the transfer, for any purpose, of Personal Data outside the EEA areas.
The regulation applies to both companies acting as Data Controller (an organization that collects data from EU residents), or acting as Data Processor (an organization that processes data on behalf of a data controller).
GDPR contains provisions and requirements related to the processing of Personal Data of individuals located in the EEA one of which is the right to have their Personal Data erased (GDPR Article 17), also known as the “right to be forgotten”.
Individuals have the right to request from a controller the erasure of all Personal Data concerning him/her without undue delay and the controller has the obligation to erase all Personal Data without undue delay in a number of conditions described in the regulation text, among which are:
(a) The withdrawal of consent on which the processing is based and(b) Erasure due to compliance with legal obligation dictating that Personal Data storage time should not exceed the maximum allowable Personal Data storage time.
PCS™ GDPR Compliance
In order PCS™ users to meet GRPR Article 17 obligation, CubeIQ has develop a software application titled PCS™ Customer Data Deletion – PCDD™.
PCS™ Customer Data Deletion – PCDD™ application allows PCS™ users to delete and remove all customers’ data that have been opened before a specified date. PCDD™ identifies customers that have been opened before the specified date, relates customer data, accounts, activity, cases and cases data tagged with a date before the specified date and erases them from PCS™ database. PCDD™ users have the options either to erase completely customer data and related information from PCS™ database or first move customer data to another database and then delete them from PCS™ database. The application takes into account the condition where a customer has activity or data updates after the specified date. In this case customer data are not deleted and an exception log entry is created.
PCS™ Customer Data Deletion – PCDD™ is a web-based database software system with web browser user interface and MS SQL or MS SQL Express RDBMS with which a user can:
1. Manage users with different roles (Administrator, Compliance Manager, Compliance Officer).2. Connects to PCS™ database and identify customers opened before a specified date.2. Evaluate if the identified customers have activity or data updates after the specified date.4. For customers that do not have activity or data updates after the specified date:
(a) Either erase all customer data permanently for PCS™ database.
(b) Or first move all customer data to the internal database and then erase all customer data from PCS™ database.
5. View customer data that have been moved to the internal database.