Data Privacy Manager is a web application which enables organizations to manage consents and user requests in a simple and GDPR compliant way. Organizations using the Data Privacy Manager can demonstrate at any time who, when, through which channel and for what purpose gave them or withdrew their consent.
Data Privacy Manager uses terms, processes and logic which are directly taken from the GDPR Regulation. The most important articles that solution relies on are:
- Article 4 – Definitions
- Article 6 – Lawfulness of processing
- Article 7 – Conditions for consent
- Article 12 – Transparent information, communication and modalities for the exercise of the rights of the data subject
- Article 30 – Records of processing activities
- Article 44 – General principle for transfers
Data Privacy Manager provides organizations with complete control over the given or withdrawn consents in real time. By integrating with all the systems that process personal information, Data Privacy Manager ensures that personal data processing is legitimate. In order to ensure lawfulness, it is important for the organization to process only the data of the citizens who have given their consent. In addition, it is necessary to be able to give evidence of the way consent is collected and the purpose for which the data is being processed. Organizations can easily manage the process of creating new consents at the lowest level of granularity and manage the process of creating the purposes of data processing. The solution is flexible and allows grouping the purposes of data processing activities and building a hierarchy of consents using simple forms. It is also possible to import the existing consents that are not compatible with GDPR.
Organizations that process personal data are required to fulfill the citizens’ requests within the legal deadline. This is challenging for most organizations because it requires a high level of personal data management. The increase of the awareness level of EU citizens’ rights for most organizations means the need for partial or complete automation of the processes due to the quantity of different types of submitted requests. Data Privacy Manager automates the entire process; from the request registration, through the request approval process and data processing, to the notifying the applicant about the outcome. Data Privacy Manager is the central place for information exchange between the systems, and, through the central dashboard, it gives insight into trends and efficiency of user requests handling.
Processing activities, for example, can be human resources processes, everyday processing of clients’ personal data, data processing in direct marketing processes, etc. GDPR defines the information which needs to be recorded such as the name and contact of the data controller, processing purposes, data subjects’ category, personal data category, or data receivers’ category. The government authority may require records of processing activities, and the organizations shall provide records in written or in electronic form. Data Privacy Manager is an electronic record of personal data processing that contains all the information provided by GDPR. It also allows more detailed processing records such as saving all data types that are being processed, together with the information about their sensitivity. All information changes about processing activities are versioned through Data Privacy Manager and are available for insight.
Data Privacy Manager is designed as a tool for Data Protection Officers. It enables full control over all processes regarding consent management and user requests. Furthermore, there is a Dashboard where it is possible to keep track of all of the most important information in real time. This solution is a necessary tool for successful and accountable work of Data Protection Officers and it reduces the possibility of unnecessary costs or penalties.
During the implementation of consent management solution it is necessary to pay attention if another silos of users’ personal information is generated simultaneously. Data Privacy Manager solves this issue by connecting to the central database without saving the subjects’ personal data. For organizations, which are by the systems number smaller and simpler, it is possible to import all the data into the Data Privacy Manager. It then becomes the central place and database of the user’s personal information.
There are two license versions:
- SME (Small and Medium Enterprises) – for organizations up to 250 employees and up to 50 m EUR income
- Enterprise – for organizations with more than 250 employees and with more than 50 m EUR income. One License per each Data Controller.
This integration requires significant time and financial resources. As the implementation date of the GDPR is getting closer, Data Privacy Manager helps to accelerate GDPR compliance process and gives you opportunity to focus your resources on customization of the existing systems (eg. Frontend, CRM, Billing, ERP, etc.). Data Privacy Managers’ architecture has been developed so that the application is adaptive and open to as many organizations no matter the size and technology they currently use. You can use SQL Server, Oracle or DB2 as a database. The application is a central place for collecting and reporting information about consents and Data Subjects requests and sending information via API to ESB or directly to existing legacy client systems.
Yes, it does! For organizations that are oriented on the Cloud solutions, Data Privacy Manager is available as a part of the Microsoft Azure platform.