The second is IT (and non-IT) Systems, where personal data is stored. The organization needs to be aware of what type of security measures are taken. If it is a Cloud system, the location of the data center can affect the risk score.
The third source of risk is, of course, the Data Protection Impact Assessment (DPIA), which needs to be conducted when there is a systematic and extensive evaluation of the personal aspects of an individual, including profiling; or processing of sensitive data on a large scale; or systematic monitoring of public areas on a large scale. Many risks can arise when conducting a DPIA, and you need to be able to manage them properly.
The Risk Management module empowers your DPO with a high-level overview of risks associated with each processing activity and allows more detailed insight into residual risks behind a particular processing activity by means of linking it to a relevant data protection impact assessment.
Before assigning a risk to a processing activity, third party, or system, you will have to (re)define the risk methodology your organization is currently using. It is possible to adjust the risk matrix by both impact and probability, as well as to define risk scores.
By having a risk methodology in place and assigning risks to the key entities, the solution creates a Risk Register, which acts as a guideline for management. It shows where the organization is vulnerable and what the next key steps should be in order to provide compliant personal data processing.
The DPIA register allows business process owners to download the DPIA template, complete assessments, and upload the results back to Data Privacy Manager.
While organizations have been busy collecting consents and putting together compliant records of processing activities, data removal has remained overlooked, or maybe postponed. Most organizations have by now documented data retention policies and have a good idea of how long they can keep the data. Data retention starts when one of the following scenarios happens: the initial purpose for data collection and processing has expired. Usually, a product or services contract with an individual has expired, an insurance policy has expired, or an individual stopped using a product or a service…