automating compliance · 2019-02-28 · digitising the third party data within the company ......
TRANSCRIPT
automating compliance
The 2 sides to GDPR (timeline slide, 25 May 2018)
GDPR preparation
policies & procedures
data maps
past record data
contracts & forms
where to start from
GDPR ongoing
auditing data past retention
auditing grounds for processing
allowing for bulk consent
processing client requests
managing & audit of data changes
right to forget processes
GDPR Auto: the Ultimate DPO
GDPR Auto caters for both aspects of the timeline, helping clients get up to speed with the regulation as well as with the ongoing obligation of GDPR.
GDPR Auto: PREPARATION
Legal Audits
Embedded Legal Audits at company level and subject level
Automatic configuration of all the aspects within the system based on the answers in the system
Automatic settings on data subjects and category of subjects across subjects
Recurring audits with full historical version control
GDPR Auto: PREPARATION
GAP Analysis Report
Fully customised based on legal audits answered
Instant generation of report
Fully tailored task list from a GDPR perspective
Full version control on all past audits and analysis reports
GDPR Auto: PREPARATION
EU Template Policy Documents
List of WORD template policies available in the system
Alerted based on requirements answered within the legal audits themselves
Ability to download policies and apply accordingly
A legal basis as a starting point for any company
Ability to upload existing policy documents for a central audit
GDPR Auto: PREPARATION
Third Party Data Map Utility
Digitising the third party data within the company
Grouped by data subject across the company
Ability to define each field, its category, the system it is stored in, the owner of the system, whether the data is identifiable or not, and the source of the data
Ability to set decisions on which fields are to be exposed in subject requests and portability
Ability to define physical locations of data
Ability to set third party owners in this map for accountability purposes
GDPR Auto: PREPARATION
Past Subject Data Handling
Allowing for migration of all past data via REST API
Dashboard alerts showing defences on all past data including:
Data sitting in your systems which is past your retention policy
Data for which you need consent but for which no subject consent has been given, split by subject and category of data held
GDPR Auto: PREPARATION & ONGOING
Bulk Consent Questionnaires
Ability to digitise questionnaires for purposes of consent or processing
Audited consent recorded at entity level with full version control
Ability to set automated review policy at questionnaire level
Ability to send in bulk across data subjects, automatically auditing the values inputted by clients
Instant ability for subjects to change their answers available at any point in time
GDPR Auto: ONGOING
On-going Subject Split View
Simple view showing the split of all subjects which fall under GDPR by subject type
System allows for inputting of subjects either manually (for the small operators) or automatically via REST API
The only four fields that the system holds within GDPR Auto on any subject are Name, Surname, Email and Mobile (not mandatory)
No other data on subjects is copied or stored within GDPR Auto
GDPR Auto: ONGOING
Subjects Past Retention Alerts
GDPR Auto allows for the setting of retention policies at subject level and at field level
Alerts are then issued automatically when subjects have triggered the past retention policy
This dashboard shows the data past retention for which a valid ground of processing has been audited and accounted for
The RED section shows the risk of breaches: data sitting in your systems that is past retention and has neither been terminated nor had a valid ground of processing chosen
GDPR Auto: ONGOING
Instant Alerts on Consent Issues Across Subjects
Constant monitoring of all consent values across subjects
Consent automatically split based on categories of data collected on subjects, namely:
Personal
Sensitive Personal
Biometric
Criminal
Automatic updating based on bulk consent questionnaires sent
GDPR Auto: ONGOING
External SAR and Portability Request Form
Instant availability of external requests
A form that filters all invalid requests without having to waste time searching for non-existent subjects
Instantly added to an audit for recording purposes
GDPR Auto: ONGOING
Automated Control of all Subject Requests
All types of client requests are audited and tracked in the system
Automated alerts on requests reaching the 30-day time limit
GDPR Auto: ONGOING
SAR & Portability Automation
System allows for fulfilling such requests either manually or automatically via REST API
All requests are handled by system owners automatically and fully audited
SARs are automatically rendered in PDF and can be delivered to subjects in various ways, including email, download zone and linked accounts, all with 2 Factor Authentication
Portability is rendered in XML format following the same rules above
GDPR Auto: ONGOING
Audited Data Changes
GDPR Auto offers a real time action queue to the DPO
Any data change request is already audited, tracked and linked to an individual subject in real time
Embedded workflow engine with all system owners of the data requested with audited action
Workflow ensures accountability of all data owners in updating the request
GDPR Auto: ONGOING
Managing Terminations
GDPR Auto allows for the following types of terminations, fully audited and with embedded workflows with all defined system owners:
DELETE – physical delete process of record from all systems
ANONYMISE – an irretrievable hashed value for all identifiable data on the subject across systems
PSEUDO-ANONYMISE – the ability for the subject to retrieve his data
INTERNAL-ANONYMISE – the ability to safeguard the data that you are obliged to keep
GDPR preparation
GDPR ongoing
GDPR Timeline: a simple view
the Ultimate DPO
Creating a centralized audit of all decisions and actions taken to
ensure GDPR compliance