IT Security News & Blog

How to Simplify the GDPR (5 Incredible DPOrganizer Features)

Posted: 3 September 2018

There is no shortage of information about the GDPR out there. From the six core principles to data subjects' rights to the lawful basis for processing, there is a dizzying number of changes an organisation may need to implement.

While encryption, digital forensic solutions and incident response solutions are all being peddled as the silver bullet, what is really missing is oversight.

Wait! Hear me out.

Consider how much simpler things would be if you could view your data processing activities, measure your adherence, and produce evidence at the press of a button when requested.

Well, you can.

Below we have compiled five GDPR headaches which we suspect many have suffered or will suffer in the coming months, and why we think DPOrganizer provides a crucial management overlay which could relieve these stresses.

1. Keeping Track of Processing Activities

As a GDPR management tool/solution, DPOrganizer can record and track the following information:

  • The types of personal data you collect and process.
  • The legal basis of processing.
  • The retention periods used.
  • Where personal data resides or is stored.
  • Which applications have access to those data stores and who can access them.
  • Any third-party processors or recipients involved.
  • Any privacy statements, processing instructions and persons responsible.

Just being able to map this information and present it in a consumable format is a significant advantage over organisations that are choosing to achieve this with spreadsheets.


2. Visualisation and Reporting of Processing Activities

DPOrganizer provides two key features for consuming the information which has been fed into it as part of benefit number 1.

The map view allows you to plot your data controllers, data processors, third-parties, data stores and personal data collection points, such as websites, onto a map.

Coloured lines linking each of these entities indicate the nature of their relationship, and can help to demonstrate processing activities to senior management.

Also included is an exportable report format which can be used to present any of the information from the map in a clean documented format.

Particularly if your supervisory authority requests such information, you will be able to demonstrate or evidence your adherence using the report.


3. Create a Transparency Widget to Cut Down on SARs

Probably one of the most innovative features of DPOrganizer is the transparency widget, a tool which can be placed on a company website or intranet and which offers visitors the ability to query aspects of data processing themselves.

This highly useful feature strikes at the requirement for transparency and should help to cut down the number of subject access requests, as the information is already made available.


4. Create, Review and Centralise GDPR Data Privacy Impact Assessments (DPIAs)

Where processing activities involve sensitive articles of personal data or are high risk, you should be running a risk assessment activity, otherwise known as a data privacy impact assessment.

DPOrganizer allows you to create these within its interface, following a step-by-step process and providing a clear and intuitive workflow that guides you through the legal complexities.

The result is a comprehensive DPIA that meets the legal requirements imposed by GDPR and that mitigates your organization’s exposure to risk.


Take a look at our blog entitled "7 Considerations for GDPR Subject Access Requests" to learn more about this topic.

 

5. Find Areas of Non-Compliance or Missing Information

Where DPOrganizer has been fed with information regarding data processing activities, any areas which have been missed or incorrectly completed can be flagged for review.

For example, if a processing activity is completed without a retention period defined for the storage of personal data, or without a declared legal basis for processing, DPOrganizer can highlight this as a gap in its records.

Particularly in large organisations where aspects of compliance may be missed, this feature can help to highlight those needles in the haystack.


Are you interested in how DPOrganizer can help your organisation meet its obligations under the GDPR? Book a call with one of our solutions specialists today to discuss this further.


Topics: GDPR, DSAR, Compliance, DPOrganizer, DPIA


Written by Chris Payne

Managing Director - Advanced Cyber Solutions