GDPR·NOW 2018-04-30T22:26:24+00:00

Support for your daily GDPR activities?

GDPR·NOW links daily routine GDPR tasks and GDPR processes into SharePoint

GDPR·NOW in a nutshell

GDPR is now a reality. The objective is now to stay compliant with a minimum amount of effort – but still sufficient in regards to the GDPR regulation.

The GDPR·NOW solution joins the two opposing forces – staying compliant with a minimum of effort. This is done through digital support for the burdensome working processes and disciplines in the regulation.

Fueling the daily practical working tasks is extremely important. But that’s not all: with GDPR·NOW you get a full modern collaboration platform with strong business insight. This means that the tool will be a real-time compliance dashboard which generates important management information (and documentation support in regards to compliance audits).

In turn, GDPR·NOW is a real time-saving solution and, used correctly, secures a high degree of compliance.

Contact us for information and demo about GDPR·NOW

Key benefits with GDPR·NOW

  • Practical handling of data processing agreements, linking stakeholders to agreements and notes and actions in regards to data processing agreements

  • Registration of requests from persons in regards to their “new” rights (process support for the information request, request for deletion “right to be forgotten” etc.)

  • Process automation – let the system execute boring burdensome manual tasks

  • Registration of security breach and process execution

  • GDPR master data management – inventory of data objects, systems etc.

  • Central collection of consent and consent management

  • Task Management and controls

  • Documentation and workflows in regards to documentation

  • Business insight – use of PowerBI for reporting and advanced statistics


Does GDPR·NOW fit my organization?

The target group for GDPR·NOW is either a small organization which handles highly sensitive personal data, or a large/complex organization which has a GDPR process and documentation need.

GDPR·NOW fits in all industries, and can be customized to fulfill complex GDPR compliance processes and workflows.

  • GDPR·NOW is a pure SharePoint app which can be integrated with company-specific data very easily. A number of open standard interfaces exist, and you can use Microsoft Flow or a web service (REST API) for integration

  • Process support – even though the regulation is the same, your current IT production landscape will vary from company to company. This means that you need a process tool where you can adjust processes to fit your IT silos (which process personal data) and your organization

  • Documentation is king when it comes to compliance. SharePoint masters content and knowledge, and you will be able to combine processes with content. The result is real-time documentation


Tools for GDPR compliance are everywhere…

… and where is GDPR·NOW in this messy tool world?

GDPR tool hierarchy

GDPR tooling triangle

GDPR·NOW is an operational tool. It can work as an independent tool, or it can be integrated with other platforms and/or compliance tools.

We see the tooling landscape as a triangle.

The top is defined by controlling tool packages, which are related to the core legislation, and perhaps a number of frameworks/templates (could be SOPs, policies etc.). These tools are only used by a small group of people in the organization, perhaps only the DPO.

The second level is operational aspects and disciplines. This could be digital support for cases where a data subject contacts you with the request “I want to be deleted from your systems”. This is also known as the “right to be forgotten”, a right which people have according to the EU GDPR regulation.

Another important step in operational excellence is documentation, which is linked to the operational disciplines.

The third level is technical tools. This could be discovery tools, scanning tools or tools which control content.

The fourth level is existing platforms or systems which are in use. Several vendors already have a portfolio of GDPR compliance tools. Most of them are technical tools which are a natural extension of core systems. Examples could be Office 365 from Microsoft, where there are a number of GDPR tools attached to the use of Office 365.

Operational GDPR Excellence

Delivered by GDPR·NOW

Examples of some of the practical disciplines which can be powered by GDPR·NOW

Do you have the GDPR master data available in a central repository?

The baseline for solid, secure and effective GDPR processes and operations is your master data.

GDPR·NOW offers you key templates for mastering your master data, which can drive an efficient and secure GDPR operation.

Built-in master data templates and database:

  • Article 30 inventory
  • List of IT systems
  • List of relevant stakeholders and contact persons

The built-in content type function gives you great functionality and options, and you will be able to extend the built-in master data tables, customize them, enable workflows etc.

Stakeholders GDPR

Example from GDPR·NOW (see above) where stakeholders are in focus. The benefits of having all stakeholders in GDPR·NOW are many:

  • Bind data agreements to a stakeholder
  • Map a data object or a system to a stakeholder
  • Identify important stakeholders or stakeholders who introduce risk
  • Strong governance

Data Processing Agreements – do you have structure and governance in place?

Data Processing Agreements – or DPAs – are a key element in the GDPR regulation.

GDPR·NOW has functions for handling your DPAs, and with these functions, you will be able to create, control, and govern your DPAs in a highly efficient way.

We have already seen that authorities have an increasing focus on DPAs, and it is most likely that we will see an even stronger focus from auditors when it comes to the DPA side of GDPR.

Data Processing Agreements GDPR

GDPR·NOW uses the built-in document functions in SharePoint Online, and extensions which we built into the solution. This means that you will be able to:

  • Define and work with DPA templates (unlimited number of agreement templates)
  • Create a DPA based on a template and connect it to metadata like data party (stakeholder), link to the system, link to data objects etc.
  • A DPA can consist of several files which will be stored in a unique SharePoint library, which you can share with relevant parties
  • Set a time interval or life-cycle parameters for the next review, where you will be notified
  • Apply controls to the DPA

You can also build your own approval workflows on top of the DPA functions, or use third-party tools like Adobe Sign for powering e-signatures into the workflow, which will enable you to save even more time.

Is the Information Incident Security Response plan in place?

You need to react quickly and precisely in case of a security breach regarding your personal data – if you want to be compliant…

The objective of this part of GDPR·NOW is to power some fundamental parts and configure a workflow which can be followed if you get an incident.

The functions for supporting this part of GDPR – Articles 33 & 34 in the EU GDPR regulation – are:

  • Pre-defined e-mail templates which can be used in case of emergency
  • E-mail function which can notify data subjects about the case, and what we have done in order to avoid abuse of their personal data
  • Logging the case including actions and tasks
  • Fueling a predefined workflow with authorizations or similar
  • Mapping root-cause and relevant stakeholders

Security breach templates GDPR·NOW

This is the most efficient and secure solution for powering your security events, and they can even be triggered by your employees by just sending an email to the system…

Above image – examples of templates which can be used in case of a security event.

Are you able to handle requests from individuals?

Don’t handle requests from individuals as a project – put it in the system and let the system do the work (and perhaps automate it…)

You already have all the policies, SOPs and other controlling elements in place. But you will sooner or later be prompted for an information request, a right to be forgotten request or perhaps the dangerous data exchange request.

And you just have to do it, and you will not be refunded for the work. This means that, to be effective, you need a case system which handles these requests for you.

GDPR case management GDPR·NOW

GDPR·NOW has a built-in service center tailored to GDPR operations. You can define your own workflows, and pre-defined tasks which could be related to an operation.

Standard GDPR operations in GDPR·NOW:

  • Consent Management and consent functions (cancellation of consent)
  • Right to be forgotten
  • Information Request
  • Portability Request