Overview
CaseBender provides comprehensive GDPR compliance capabilities for organizations that process personal data as part of security operations. As an on-premise platform, CaseBender gives you full control over data processing — your data never leaves your infrastructure.
Data Subject Rights
Right of Access (Article 15)
CaseBender supports Data Subject Access Requests (DSARs):
- Request Management: Track DSARs from receipt through fulfillment with SLA monitoring
- Data Discovery: Automatically discover all data associated with a data subject across cases, alerts, comments, audit logs, and observables
- Data Export: Generate structured data packages for data subject delivery
- Deadline Tracking: 30-day response deadline with extension management
- Acknowledgment: Automated acknowledgment to data subjects upon request receipt
Right to Erasure (Article 17)
CaseBender implements the right to be forgotten with safeguards:
- Erasure Execution Engine: Systematically erases personal data across all platform entities
- PII Registry: Comprehensive mapping of where personal data is stored in every database model
- Anonymization: Where full deletion would compromise audit integrity, data is anonymized using consistent markers
- Legal Hold Check: Erasure requests are automatically checked against active legal holds
- Verification Report: Post-erasure verification confirms all personal data has been removed or anonymized
- Audit Trail: The erasure action itself is logged (without the erased data) for compliance evidence
Right to Rectification (Article 16)
- Users can update their personal information through their profile
- Administrators can correct data on behalf of data subjects
- All changes are tracked in the audit trail
Right to Data Portability (Article 20)
- Data export in structured, machine-readable formats (JSON, CSV)
- Includes all data the subject provided to the platform
- Export packages are encrypted for secure delivery
Consent Management
Consent Lifecycle
CaseBender tracks consent throughout its lifecycle:
- Collection: Record consent with purpose, legal basis, and timestamp
- Storage: Consent records are stored with cryptographic integrity
- Verification: Check consent status before processing operations
- Withdrawal: Data subjects can withdraw consent at any time
- Impact Assessment: Withdrawal triggers an impact analysis showing what processing will stop
Processing Activities Register (Article 30)
Maintain a register of processing activities:
- Activity Catalog: Document each processing activity with purpose, legal basis, and data categories
- Data Flow Mapping: Track where personal data flows within the platform
- Retention Periods: Document retention periods per processing activity
- Third-Party Sharing: Record any data sharing with third parties (integrations)
Breach Notification
Article 33 — Notification to Supervisory Authority
CaseBender supports the 72-hour breach notification requirement:
- Breach Detection: Security monitoring and UEBA detect potential breaches
- Breach Recording: Document breach details, affected data, and impact assessment
- Authority Notification: Generate notification documents for supervisory authorities
- Timeline Tracking: Track the 72-hour deadline with escalation alerts
- Follow-Up: Manage supplementary notifications as more information becomes available
Article 34 — Notification to Data Subjects
When a breach is likely to result in high risk to individuals:
- Subject Identification: Identify affected data subjects from breach scope
- Notification Generation: Generate clear, plain-language notifications
- Delivery Tracking: Track notification delivery and acknowledgment
- Remediation Guidance: Include recommended protective measures for affected individuals
Privacy Impact Assessment
Automated PIA (Article 35)
CaseBender automates Data Protection Impact Assessments:
- Personal Data Detection: Automatically scan entities for personal data patterns
- Risk Assessment: Evaluate processing risks based on data types, volume, and sensitivity
- Mitigation Recommendations: Suggest privacy-enhancing measures based on identified risks
- Review Workflow: PIAs are reviewed and approved by the Data Protection Officer
- Continuous Monitoring: PIAs are re-evaluated when processing activities change
Cross-Border Transfer Controls
Transfer Safeguards (Articles 44-49)
CaseBender enforces data residency and cross-border transfer rules:
- Data Residency Policies: Define where data can be stored and processed by jurisdiction
- Transfer Rules: Configure rules for when data can cross borders (adequacy decisions, SCCs, BCRs)
- Transfer Evaluation: Automatically evaluate proposed transfers against configured rules
- Violation Detection: Detect and alert on unauthorized cross-border data flows
- Transfer Heatmap: Visualize data flows across jurisdictions
Supported Transfer Mechanisms
| Mechanism | Description |
|---|---|
| Adequacy Decision | Transfer to countries with EU adequacy decisions |
| Standard Contractual Clauses | Transfer under approved SCCs |
| Binding Corporate Rules | Intra-group transfers under BCRs |
| Explicit Consent | Transfer with explicit data subject consent |
| Legal Obligation | Transfer required by law |
Privacy-Aware Logging
CaseBender implements privacy by design in its logging:
- PII Redaction: Personal data is automatically redacted from application logs
- Configurable Redaction Paths: Define which fields are redacted in log output
- Audit vs. Application Logs: Audit logs retain necessary detail for compliance; application logs are privacy-safe
- Redaction Strategies: Support for masking, hashing, and full removal
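An added example (not CaseBender's code or configuration format) of path-based log redaction using the three strategies listed above. The policy format, field names, `HASH_KEY` and `redact_event` are assumptions made for illustration.

```python
import copy
import hashlib
import hmac

# Assumed policy format (not CaseBender's): dotted path -> strategy; "*" = every list item.
REDACTION_PATHS = {
    "user.name": "mask",
    "user.email": "hash",
    "request.headers.authorization": "remove",
    "observables.*.value": "hash",
}
HASH_KEY = b"placeholder-key"  # placeholder; load the real key from a secret store

def _apply(strategy, value):
    if strategy == "mask":
        return "*" * 8  # fixed width, so the mask does not reveal the value's length
    if strategy == "hash":
        # Keyed hash: equal inputs still correlate across log lines, but a reader
        # without the key cannot confirm guesses for low-entropy values like emails.
        mac = hmac.new(HASH_KEY, str(value).encode(), hashlib.sha256)
        return "hmac:" + mac.hexdigest()[:16]
    raise ValueError(f"unknown redaction strategy: {strategy!r}")

def _walk(node, parts, strategy):
    head, rest = parts[0], parts[1:]
    if head == "*" and isinstance(node, list):
        keys = range(len(node) - 1, -1, -1)  # reverse order keeps deletes index-safe
    else:
        keys = [head] if isinstance(node, dict) and head in node else []
    for key in keys:
        if rest:
            _walk(node[key], rest, strategy)
        elif strategy == "remove":
            del node[key]
        else:
            node[key] = _apply(strategy, node[key])

def redact_event(event, paths=REDACTION_PATHS):
    """Return a redacted deep copy; the caller's event is left untouched."""
    safe = copy.deepcopy(event)
    for path, strategy in paths.items():
        _walk(safe, path.split("."), strategy)
    return safe

SAMPLE_EVENT = {  # constructed sample log event
    "user": {"id": 42, "name": "Alice Example", "email": "alice@example.com"},
    "request": {"headers": {"authorization": "Bearer abc123", "accept": "*/*"}},
    "observables": [{"type": "ip", "value": "203.0.113.7"}],
}
```

An unknown strategy name raises instead of passing the value through, so a typo in the policy fails closed on the first event that contains the field.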
Related Documentation
- Data Protection — Encryption and data retention
- Compliance Overview — All supported frameworks
- Audit Logging — Audit trail and integrity