In my previous blog, I introduced how RPA can address some of the mandatory obligations put in force by GDPR. Here, I take up the scope of GDPR personal identifiable information (PII) and how RPA can address some of the cases.
GDPR increases the scope of personal identifiable information (PII) identifiers by including online identifiers such as Cookies, IP addresses, genetic and biometric data. Organizations are expected to put-in-place comprehensive governance policies to include data minimization, anonymization, and pseudonymization. RPA can be employed to update and mask identifiable PII data within existing data across applications.
GDPR allows an individual to monitor how their information is being used by the organization.
RPA can help address this regulation in two ways.
- Firstly, if there are logs within the existing line of business (LOB) applications, RPA can deploy Bots to audit the logs, extract PII access information and persist this information into a PII file or database.
- Secondly, if there are no relevant logs within LOB applications, RPA Bots can be programmed to be triggered whenever PII is accessed or used within an application and persist this information into a PII a file or database.
In both the approaches, RPA helps by maintaining an audit trail of access and usage of PII which can be used to demonstrate compliance to GDPR requirements.
RPA implementation can manipulate PII information easily without extensive overhaul of existing applications at the same time ensuring that existing business rules are intact. Speaking of data, such uses of RPA is not limited to PII; it can be extended to data. RPA can manipulate, transform, and migrate large amounts of data through the UI of existing LOB applications or across applications.
Data migration using RPA has some interesting cases for a business, I will discuss this aspect in a later post.