The baseline for solid, secure and effective GDPR processes and operations are your master data.

GDPR·NOW is offering you key templates for mastering your master data, which can drive an efficient and secure GDPR operation.

Inbuild master data templates and database:

• Article 30 inventory
• List of IT systems
• List of relevant stakeholders and contact persons

The inbuild content type function gives you great functionality and options, and you will be able to extend the in-build master data tables, customization and workflow enabling etc.

Example from GDPR·NOW (see above) where stakeholders are in focus. The benefits of having all stakeholders in GDPR·NOW are many:

• Bind data agreements to a stakeholder
• Map a data object or a system to stakeholder
• Identifying important stakeholders or stakeholders which introduces risk
• Strong governance

Data Processing Agreements – or DPA – is a key element in the GDPR regulation.

GDPR·NOW have functions for handling your DPA’s, and with these functions, you will be able to create, control, and govern your DPA’s in a highly efficient way.

We have already seen, that authorities have an increasing focus on DPA’s, and it is most likely that we will see an even stronger focus from auditors when it comes to DPA side of GDPR.

GDPR·NOW uses the inbuilt document functions in SharePoint online, and extensions which we built into the solution. This means that you will be able to:

• Work/define with DPA templates (unlimited number of agreement templates)
• Create a DPA based on the template and connect it to metadata like data part (stakeholder), link to the system, link to data objects etc.
• DPA can consist of several files which will be stored in a unique SharePoint library, which you can share with relevant parts
• Set time interval or life-cycle parameters for next review where you will be notified
• Apply controls to the DPA

You can also build your own approval workflows in top of the DPA functions, or use 3’rd part tools like Adobe Sign for powering e-signatures into the workflow which will enable you to save even more time.

You need to react fast and precise in case of a security breach regarding your personal data – if you want to be compliant…

The objectives of this part of GDPR·NOW is to power some fundamental parts, and configure a workflow which can be followed if you get an incident.

The functions for supporting this part of GDPR – article 33 & 34 in the EU-GDPR regulation are:

• Pre-defined e-mail templates which can be used in case of emergency
• E-mail function which can notify data subjects about the case, and what we have done in order to avoid abuse of their personal data
• Logging the case including actions and task
• Fueling a predefined workflow with authorizations or similar
• Mapping root-cause and relevant stakeholders

This is the most efficient and secure solution for powering your security events, and they can even be triggered by your employees by just sending an email to system….

Above image – examples of templates which can be used in case of a security event.

Don’t handle requests from individuals as a project – put it in the system and let the system do the work (and perhaps automate it…)

You have already all the policies, SOP’s and other controlling elements in place. But you will sooner or later be prompted for an information request, a right to be forgotten request or perhaps the dangerous data exchange request.

And – you just have to do it, and you will not be refunded for the work. This means, to be effective you need to get a case system which handles these request for you.

GDPR·NOW have an in-built service center tailored to GDPR operations. You can define your own workflows, and pre-defined task which could be related to an operation.

Standard GDPR operations in GDPR·NOW:

• Consent Management and consent functions (cancellation of consent)
• Right to be forgotten
• Information Request
• Portability Request