automating compliance · 2019-02-28 · digitising the third party data within the company ......


Post on 19-Jul-2020

The 2 sides to GDPR

25 MAY 2018

GDPR preparation

policies & procedures

data maps

past record data

contracts & forms

where to start from

GDPR ongoing

auditing data past retention

auditing grounds for processing

allowing for bulk consent

processing client requests

managing & audit of data changes

right to forget processes
GDPR Auto

the Ultimate DPO

GDPR Auto caters for both aspects of the timeline, helping clients in getting up to speed with the regulation as well as the ongoing obligation of GDPR

GDPR Auto PREPARATION

Legal Audits

Embedded Legal Audits at company level and subject level

Automatic configuration of all the aspects within the system based on the answers in the system

Automatic settings on data subjects and category of subjects across subjects

Recurring audits with full historical version control

GDPR Auto PREPARATION

GAP Analysis Report

Fully customised based on legal audits answered

Instant generation of report

Fully tailored task list from a GDPR perspective

Full version control on all past audits and analysis reports

GDPR Auto PREPARATION

EU Template Policy Documents

List of WORD template policies available in the system

Alerted based on requirements answered within the legal audits themselves

Ability to download policies and apply accordingly

A legal basis as a starting point for any company

Ability to upload existing policy documents for a central audit

GDPR Auto PREPARATION

Third Party Data Map Utility

Digitising the third party data within the company

Grouped by data subject across the company

Ability to define each field, its category, the system it is stored in, the owner of the system, whether the data is identifiable or not, and the source of the data

Ability to set decisions on which fields are to be exposed in subject requests and portability

Ability to define physical locations of data

Ability to set third party owners in this map for accountability purposes

GDPR Auto PREPARATION

Past Subject Data Handling

Allowing for migration of all past data via REST API

Dashboard alerts showing defences on all past data including:

Data sitting in your systems which is past your retention policy

Data for which you need consent but no subject consent has been given, split by subject and category of data held

GDPR Auto PREPARATION & ONGOING

Bulk Consent Questionnaires

Ability to digitise questionnaires for purposes of consent or processing

Audited consent recorded at entity level with full version control

Ability to set automated review policy at questionnaire level

Ability to send in bulk across data subjects, automatically auditing the values inputted by clients

Instant ability for subjects to change their answers available at any point in time

GDPR Auto ONGOING

On-going Subject Split View

Simple view showing the split of all subjects which fall under GDPR by subject type

System allows for inputting of subjects either manually (for the small operators) or automatically via REST API

The only four fields that the system holds within GDPR Auto on any subject are Name, Surname, Email and Mobile (not mandatory)

No other data on subjects is copied or stored within GDPR Auto

GDPR Auto ONGOING

Subjects Past Retention Alerts

GDPR Auto allows for the setting of retention policies at subject level and at field level

Alerts are then sent automatically when subjects have triggered the past retention policy

This dashboard shows the data past retention for which a valid ground of processing has been audited and accounted for

The RED section shows the risk of breaches: the data sitting in your systems past retention which hasn’t been terminated or had a valid ground of processing chosen

GDPR Auto ONGOING

Instant Alerts on Consent Issues Across Subjects

Constant monitoring of all consent values across subjects

Consent automatically split based on categories of data collected on subjects namely:

Personal

Sensitive Personal

Biometric

Criminal

Automatic updating based on bulk consent questionnaires sent

GDPR Auto ONGOING

External SAR and Portability Request Form

Instant availability of external requests

A form that filters all invalid requests without having to waste time searching for non-existent subjects

Instantly added to an audit for recording purposes

GDPR Auto ONGOING

Automated Control of all Subject Requests

All types of client requests are audited and tracked in the system

Automated alerts on requests reaching the 30 day time limit

GDPR Auto ONGOING

SAR & Portability Automation

System allows for fulfilling such requests either manually or automatically via REST API

All requests are handled by system owners automatically and fully audited

SARs are automatically rendered in PDF and can be delivered to subjects in various ways, including email, download zone and linked accounts, all with 2 Factor Authentication

Portability is rendered in XML format following the same rules above

GDPR Auto ONGOING

Audited Data Changes

GDPR Auto offers a real time action queue to the DPO

Any data change request is already audited, tracked and linked to an individual subject in real time

Embedded workflow engine with all system owners of the data requested with audited action

Workflow ensures accountability of all data owners in updating the request

GDPR Auto ONGOING

Managing Terminations

GDPR Auto allows for the following types of terminations, fully audited and with embedded workflows with all defined system owners

DELETE – physical delete process of record from all systems

ANONYMISE – an irretrievable hashed value for all identifiable data on the subject across systems

PSEUDO-ANONYMISE – the ability for the subject to retrieve his data

INTERNAL-ANONYMISE – the ability to safeguard the data that you are obliged to keep

GDPR Timeline: a simple view

GDPR preparation

GDPR ongoing

the Ultimate DPO

Creating a centralized audit of all decisions and actions taken to ensure GDPR compliance