Explore all Modules

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Explore all Modules

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Focus on your priorities

Payment Service Directive (PSD2)

Article 11 GDPR; Processing which does not require identification

Article 10 GDPR; Processing of personal data relating to criminal convictions and offences

Article 9 GDPR; Processing of special categories of personal data

Article 8 GDPR; Conditions applicable to child’s consent in relation to information society services

Article 7 GDPR; Conditions for consent

Article 6 GDPR; Lawfulness of processing

Article 5 GDPR; Principles relating to processing of personal data

Article 3 GDPR; Territorial scope

Article 2 GDPR; Material scope

Latest Papers

Payment Service Directive (PSD2)

Article 11 GDPR; Processing which does not require identification

Article 10 GDPR; Processing of personal data relating to criminal convictions and offences

Article 9 GDPR; Processing of special categories of personal data

Article 8 GDPR; Conditions applicable to child’s consent in relation to information society services

Article 7 GDPR; Conditions for consent

Article 6 GDPR; Lawfulness of processing

Article 5 GDPR; Principles relating to processing of personal data

Article 3 GDPR; Territorial scope

Article 2 GDPR; Material scope

Article 1 GDPR; Subject-matter and objectives

Latest Papers

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Explore all Modules

Consent and Preference Management

Consolidate your data and prioritize your relationship with customers

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Privacy 360

Clear 360 overview of all data and information regarding the individual data subject

Privacy Portal

Privacy portal allows customers to communicate their requests and preferences at any time

Data Processing Inventory

Harbor cooperation between DPO, Legal Services, IT and Marketing

Third Party Management

Guide your partners trough vendor management process workflow

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Data Flow

Establish a business and operational control over complete personal Data Flow within your organization

Data Removal

Introducing end-to end automation of personal data removal

Risk Management

Identifying the risk from the point of view of Data Subject

Focus on your priorities

Payment Service Directive (PSD2)

Article 11 GDPR; Processing which does not require identification

Article 10 GDPR; Processing of personal data relating to criminal convictions and offences

Article 9 GDPR; Processing of special categories of personal data

Article 8 GDPR; Conditions applicable to child’s consent in relation to information society services

Article 7 GDPR; Conditions for consent

Article 6 GDPR; Lawfulness of processing

Article 5 GDPR; Principles relating to processing of personal data

Article 3 GDPR; Territorial scope

Article 2 GDPR; Material scope

Latest Papers

Payment Service Directive (PSD2)

Article 11 GDPR; Processing which does not require identification

Article 10 GDPR; Processing of personal data relating to criminal convictions and offences

Article 9 GDPR; Processing of special categories of personal data

Article 8 GDPR; Conditions applicable to child’s consent in relation to information society services

Article 7 GDPR; Conditions for consent

Article 6 GDPR; Lawfulness of processing

Article 5 GDPR; Principles relating to processing of personal data

Article 3 GDPR; Territorial scope

Article 2 GDPR; Material scope

Article 1 GDPR; Subject-matter and objectives

Latest Papers

Consent and Preference Management

Payment Service Directive (PSD2)

Article 1 GDPR; Subject-matter and objectives

DPM module

Risk Management

Managing personal data without proper risk management is putting every organization in a precarious position. The risks we are identifying are not the risks for the organization, rather the risk from the Data Subjects’ point of view

Challenge

Usually, there are three sources of risk:

The first is Third Parties – DPO needs to asses all Data Processors which have access or to which personal data is disclosed. It requires contractual protections with Data Processors and their Sub-Processors. Awareness what is the risk score of our Third Parties and acting to mitigate the risk is essential in avoiding the potential fines

The second is IT (and non-IT) Systems, where personal data is stored. Organization needs to be aware of which kinds of security measures were undertaken. If it is a Cloud system, the location of the data center can affect the risk score.

The third source of risk is, of course, Data Privacy Impact Assessment (DPIA) which needs to be conducted when there is a systematic and extensive evaluation of the personal aspects of an individual, including profiling; or processing of sensitive data on a large scale; or systematic monitoring of public areas on a large scale. Out of DIPA, many risks can rise and we need to be able to properly manage them.

Solution

The Risk Management module empowers your DPO with a high-level overview of risks associated with each processing activity, and to allow for a more detailed insight into residual risks behind a particular processing activity by means of linking it to a relevant data protection impact assessment.

Before assigning the risk to a processing activity, third party, or a system you will have to (re)define the risk methodology your organization is currently using. It is possible to adjust the risk matrix both by impact and probability. As well as define risk scores.

By having risk methodology in place and assigning risks to the key entities, the solution creates a Risk Register, which acts as a guideline for the management. It shows where the organization is vulnerable and what should be the next key steps in order to provide compliant personal data processing.

DPIA register allows business process owners to download the DPIA template, to do assessments, and upload the results back to Data Privacy Manager.

Included functionalities:

Custom risk methodology, 1
Central management of risk assessments, 2
Central privacy risk reporting, 3

Benefits

Centralization

The Risk Register and DPIA register in one place within the Data Privacy Manager together with other essential GDPR processes

Custom risk methodology

Adjust the risk methodology to the one your organization is already using and keep risk management comprehensive

DPIA register

Collaborate and create DPIAs, use available templates and upload the results

Data Privacy Manager is available in flexible pricing options for your growing business needs

Personal data lifecycle

Collection

Interaction with data subjects

Contract
Consent

Lawfull Processing

Everyday business

Data monetization
Services delivery
Marketing

Archiving

Lawful basis expiration

Contract Expiration
RTBF
Opt-out

Destruction

Data destruction

Anonymization
Deletion

Business Process
(Original Purposes)

Data Retention
(Purpose change)

No Purpose

Personal data lifecycle

Business Process
(Original Purposes)

Interaction with data subjects

Contract
Consent

Everyday business

Data monetization
Services delivery
Marketing

Data Retention
(Purpose change)

Lawful basis expiration

Contract Expiration
RTBF
Opt-out

No Purpose

Data destruction

Anonymization
Deletion

Learn how this solution helps your industry

While Organizations have been busy collecting consents and putting together compliant Records of processing activities, the data removal remained overlooked, or maybe postponed? Most of the Organizations have by now documented data retention policies and have a good idea about how long they can keep the data. Data retention starts when one of the following scenarios happen: The initial purpose for data collection and processing has expired. Usually, a product or services contract with an individual has expired, an insurance policy has expired or individual stopped using a product or a service…