There is no shortage of information about the GDPR out there, from the six core principles to data subjects rights to the lawful basis for processing, there is a dizzy number of changes an organisation may need to implement.
While encryption, digital forensic solutions and incident response solutions are all being peddled as the silver bullet, what is really missing is oversight.
Wait! Hear me out.
Consider how simpler things would be, if you could view your data processing activities; measure your adherence; and be able to produce evidence at the press of a button, when requested?
Well, you can.
Below we have compiled five GDPR headaches, which we suspect many have or will suffer in the coming months; and why we think DPOrganizer provides a crucial management overlay, which could relieve these stresses.
As a GDPR management tool/solution, DPOrganizer can record and track the following information:
Just being able to map this information and be able to present it in a consumable format is a significant advantage over those organisations who are choosing to achieve this with spreadsheets.
DPOrganizer provides two key features for consuming the information which has been fed into as part of benefit number 1.
The map view allows you to plot your data controllers, data processors, third-parties, data stores and personal data collection points, such as websites onto a map.
Coloured lines linking each of these entities indicates the nature of their relationship; and can be helped to demonstrate processing activities to senior management.
Also included is an exportable report format which can be used to present any of the information from the map in a clean documented format.
Particularly in the case that you are requested such information from your supervisory authority, you will be able to demonstrate or evidence you adherence using the report.
Probably one of the most innovative features of DPOrganizer is the transparency widget. A tool which can be placed on a company website or intranet, which offers visitors the ability to query aspects of data processing, themselves.
This highly useful feature strikes at the requirement for transparency; and should help to cut down the number of subject access requests, as the information is already made available.
Where processing activities involve sensitive articles of personal data or are high risk, you should be running risk assessment activity otherwise known as a data privacy impact assessment.
DPOrganizer allows you to create these within its interface, following a step-by-step process and providing a clear and intuitive workflow, that guides you through the legal complexities.
The result is a comprehensive DPIA that meets the legal requirements imposed by GDPR and that mitigates your organization’s exposure to risk.
Take a look at our blog entitled "7 Considerations for GDPR Subject Access Requests" to learn more about this topic.
Where DPOrganizer has been fed with information regarding data processing activities, any areas which have been missed or incorrectly complete can be flagged for review.
For example, when completing a processing activity and not defining a retention period for storage of personal data; or failing to declare a legal basis for processing, DPOrganizer can highlight this as a gap in its records.
Particularly in large organisations where aspects of compliance may be missed, this feature can help to highlight those needles in the haystacks.
Are you interested in how DPOrganizer can help your organisation and its obligations to the GDPR? Book a call with one of our solutions specialists today to discuss this further.