Tailored to GDPR
Data Privacy Manager is developed from scratch, from the first line of code, exclusively for GDPR. An experienced multidisciplinary team of experts designed the solution with the requirements of the new regulation in mind. By using specialized GDPR software you minimize the risk of potential penalties.
By choosing an easy-to-plug-in solution like Data Privacy Manager, you can significantly accelerate the adjustment of the complete IT infrastructure. After successfully implementing Data Privacy Manager, many GDPR-relevant processes are automated, allowing the organization to focus on its revenue-generating core business.
Central management and connectivity with other systems
With Data Privacy Manager you have control and you can manage GDPR processes from one point. Central management of GDPR processes is enabled by connecting Data Privacy Manager to all systems and applications that contain the data subjects’ personal data.
Data Subject’s Rights Management
Organizations that process personal data are required to fulfill the rights of citizens whose data is being processed within the legal deadline. This is challenging for most organizations because it requires a high level of personal data management. Data Privacy Manager automates the entire process, from the request registration, through the process of request approval and data processing, to notifying the complainant of the outcome. By integrating Data Privacy Manager into the IT architecture, meeting the demand of the data subject becomes a centralized and effective process.
Data Privacy Manager contains a rich set of functionalities for consent lifecycle management, from creating the definition of consent to analyzing collected consents. By simple integration with other systems, such as a Web page, CRM systems or mobile applications, Data Privacy Manager serves as the place of truth for the privacy settings of data subjects and ensures a timely start or stop of data processing for the purpose that you defined. With the GDPR, collecting consents becomes a part of the marketing campaign, and now the organizations can prove how they gathered their data subjects’ consent.
Contract as a legal basis for the data collection
GDPR defines 6 legal bases for data collection: Contractual necessity, Compliance with legal obligations, Vital interests, Public interest, Legitimate interests and Consent. Data Privacy Manager covers all 6 legal bases. As a large number of organizations collect personal data based on contracts with their data subjects, Data Privacy Manager has a special contract management module. This module defines the types of contract, the list of data subjects, contract status, duration of contract and other contract details that achieve GDPR compliance.
Records of processing activities
According to Article 30 of the GDPR, all organizations that process personal information are required to keep records of processing activities. Data Privacy Manager is an electronic record of personal data processing that contains all the information provided by GDPR. Furthermore, it allows more detailed processing records, such as saving all data types that are being processed along with the information about their sensitivity and defining the data storage period. All changes to information about processing activities are versioned through Data Privacy Manager and are available for insight. It also defines the activities of processing owners, who receive notifications about user requests with the recommendations of the Data Protection Officer and decide to initiate processing of user requests.
Data Privacy Manager and the GDPR Regulation
Data Privacy Manager uses terms, processes and logic that are directly taken from the GDPR Regulation. The most important articles that the software relies on are:
- Article 4 – Definitions
- Article 6 – Lawfulness of processing
- Article 7 – Conditions for consent
- Article 8 – Conditions applicable to child’s consent in relation to information society services
- Article 9 – Processing of special categories of personal data
- Article 12 – Transparent information, communication and modalities for the exercise of the rights of the data subject
- Articles 15-22 – Rights of the data subject
- Article 30 – Records of processing activities
- Article 44 – General principle for transfers
Privacy by Design and Default
When developing Data Privacy Manager, special attention was paid to the important principle of GDPR – Privacy by Design and Default. This GDPR software does not require the creation of a new personal data silo. Data Privacy Manager connects via ID with the central database without saving the personal data of data subjects. The system therefore does not show personal data, which meets the principle of minimizing the display of data subjects’ personal data. If there are processes inside the organization that currently don’t have their central database (and the data is stored in Excel, for example), it is possible to import this data into Data Privacy Manager, and it becomes a personal database for these processes.
Although GDPR is primarily a legal issue, the implementation of the regulation itself and the adaptation of processes are carried out through the integration of many IT systems. Data Privacy Manager connects to all systems that contain personal data through API. Organizations are provided with complete documentation that details the integration of the frontend (for example – web, mobile application, webshop) and backend (CRM, DWH, ERP, billing) systems. In this way, central control and management of GDPR processes are achieved.
A built-in portal for managing the privacy settings of the data subjects is the solution for all organizations that do not have an existing web portal or simply want a solution that will allow them to give data subjects control over their personal data. This includes opting in or opting out and the possibility of exercising data subjects’ rights that were defined by the GDPR. This web application exposed to end users is tailor-made to the needs and visual identity of the organization, and for the end user (data subject) it represents one place to manage all personal data that the company processes. This represents an easy solution for GDPR compliance in the context of giving information to data subjects and fulfilling their rights.
Do you know where all the data on your company infrastructure are being processed? Do you have a tool that can check that? The module for data discovery connects to all standard databases and automatically searches all personal data collected on them. You can simply define all data types that your company is processing and create processes that, in defined time intervals, search systems and find personal data. Personal data that were found are tied to personal data records processes and give complete insight into processes that the organization conducts. By using Data Privacy Manager, organizations reduce the risk of data breach and get a holistic view into personal data processing records.
Allow your organization to focus on core business, while Data Privacy Manager takes care of the GDPR processes.
Data Privacy Manager supports the following key processes:
Identifying the same user in different systems is not easy but it’s necessary. This is because sometimes the data of the same person are stored in different systems for different reasons: the organizations provide different services to the same individual, keep the same person’s data in different systems with different identifiers, or have separate marketing contact databases. In order for an organization to be compliant with GDPR, it has to know where all personal data is located and how to link the same person’s data. Data Privacy Manager provides an identity management interface and thus gives organizations the foundation for fulfilling citizens’ rights as prescribed by law. In that way, Data Privacy Manager manages all processing activities related to consents and meets the customers’ requests in real-time.
GDPR returns to individuals full control over managing their own personal data that business entities collect. Defined citizens’ rights include, for example, the right of access, the right to a correction, the right to data portability and the right to be forgotten. Organizations that process personal data are required to fulfill the rights of the citizens whose data is processed within the legal deadline. This is challenging for most organizations because it requires a high level of personal data management. For most organizations, the increase in EU citizens’ awareness of their rights means a need for partial or complete automation of the fulfillment of certain citizens’ rights, due to the quantity of different types of requests that they get. Data Privacy Manager automates the entire process, from the application registration, through the request approval process and data processing, to notifying the applicant of the outcome. Fulfillment of user requests may require the integration of multiple unrelated systems or processes because personal data are rarely found in one place. It is necessary to ensure timely communication between the systems, along with the request approval process from the system owner. Data Privacy Manager is the central place for messaging between the systems, and it gives insight into trends and efficiency of meeting the users’ requests through the central dashboard.
For the organizations that need citizens’ consents for the legitimacy of personal data processing, consent management becomes a challenge because GDPR changes the consent definition and the process of collecting consents. Data Privacy Manager provides organizations with complete control over the given or withdrawn consents in real time. By integrating with all systems that process personal information, Data Privacy Manager ensures that personal data processing is legitimate. In order to ensure lawfulness, it is important for the organization to process only the data of the citizens who have given their consent. It is also essential to always be able to prove the way consent is collected and the purpose for which the data is being processed. By using Data Privacy Manager, organizations can at any time demonstrate who, when, through which channel and for what purpose gave them or withdrew a consent. They can also easily manage the process of creating new consents at the lowest level of granularity and manage the process of creating the data processing purposes. The solution is flexible and allows grouping data processing purposes and building a hierarchy of consents using simple forms. Import of existing consents that are not compatible with GDPR is also possible. An import of existing consents allows the organization to control campaigns and the consent collection process by defining KPIs and using a central Dashboard for consents.
Bringing an organization into compliance with GDPR is a process which does not end with the entry of GDPR into force, but lasts as long as the organization processes personal data. If an organization is required to appoint a Data Protection Officer, it is essential to ensure that this person has access to all processes that are important for complying with GDPR. Data Privacy Manager enables insight into key processes in real time through the Data Protection Officer Central dashboard. The central dashboard provides insight into the consent management processes, purposes management, management of personal data processing records, and all processes related to user requests fulfillment, such as the right to be forgotten, data correction rights, or data transfer rights.
According to Article 30 of the General Data Protection Regulation (GDPR), all organizations that process personal information are required to keep records of processing activities. Processing activities, for example, can be from the field of human resources, the everyday processing of clients’ personal data, data processing in direct marketing processes, etc. GDPR defines the information that needs to be recorded, such as the name and contact of the data controller, processing purposes, data subjects’ category, personal data category, or data receivers’ category. The government authority may require records of processing activities, and the organizations shall provide records in written or in electronic form. Data Privacy Manager is an electronic record of personal data processing that contains all the information provided by GDPR. It furthermore allows more detailed processing records, such as saving all data types that are being processed along with the information about their sensitivity. All changes to information about processing activities are versioned through Data Privacy Manager and are available for insight. It also defines the activities of processing owners, who receive notifications about user requests with the recommendations of the Data Protection Officer and decide to initiate processing of user requests.