Latest Blog posts
Learn the terms
General Data Protection Regulation
Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.
Latest papers
Data Discovery
27/01/2022
Data Processing Inventory
03/12/2020
Guide for a successful DPO
03/12/2020
Managing personal data without proper risk management is putting every organization in a precarious position. The risks we are identifying are not the risks for the organization, rather the risk from the Data Subjects’ point of view
Challenge
Usually, there are three sources of risk:
The first is Third Parties – DPO needs to asses all Data Processors which have access or to which personal data is disclosed. It requires contractual protections with Data Processors and their Sub-Processors. Awareness what is the risk score of our Third Parties and acting to mitigate the risk is essential in avoiding the potential fines
The second is IT (and non-IT) Systems, where personal data is stored. Organization needs to be aware of which kinds of security measures were undertaken. If it is a Cloud system, the location of the data center can affect the risk score.
The third source of risk is, of course, Data Privacy Impact Assessment (DPIA) which needs to be conducted when there is a systematic and extensive evaluation of the personal aspects of an individual, including profiling; or processing of sensitive data on a large scale; or systematic monitoring of public areas on a large scale. Many risks can arise when conducting DPIA and you need to be able to properly manage them.
Solution
The Risk Management module empowers your DPO with a high-level overview of risks associated with each processing activity, and to allow for a more detailed insight into residual risks behind a particular processing activity by means of linking it to a relevant data protection impact assessment.
Before assigning the risk to a processing activity, third party, or a system you will have to (re)define the risk methodology your organization is currently using. It is possible to adjust the risk matrix both by impact and probability. As well as define risk scores.
By having risk methodology in place and assigning risks to the key entities, the solution creates a Risk Register, which acts as a guideline for the management. It shows where the organization is vulnerable and what should be the next key steps in order to provide compliant personal data processing.
DPIA register allows business process owners to download the DPIA template, to do assessments, and upload the results back to Data Privacy Manager.
Included functionalities:
• Custom risk methodology
• Central management of risk assessments
• Central privacy risk reporting
Benefits
Centralization
The Risk Register and DPIA register in one place within the Data Privacy Manager together with other essential GDPR processes
Custom risk methodology
Adjust the risk methodology to the one your organization is already using and keep risk management comprehensive
DPIA register
Collaborate and create DPIAs, use available templates and upload the results
Flexible pricing options
Data Privacy Manager is available in flexible pricing options for your growing business needs.
Personal data lifecycle
Collection
Interaction with data subjects
- Contract
- Consent
Lawfull Processing
Everyday business
- Data monetization
- Services delivery
- Marketing
Archiving
Lawful basis expiration
- Contract Expiration
- RTBF
- Opt-out
Destruction
Data destruction
- Anonymization
- Deletion
Business Process
(Original Purposes)
Data Retention
(Purpose change)
No Purpose
Personal data lifecycle
Business Process
(Original Purposes)
Interaction with data subjects
- Contract
- Consent
Everyday business
- Data monetization
- Services delivery
- Marketing
Data Retention
(Purpose change)
Lawful basis expiration
- Contract Expiration
- RTBF
- Opt-out
No Purpose
Data destruction
- Anonymization
- Deletion
Learn how this solution helps your industry
While Organizations have been busy collecting consents and putting together compliant Records of processing activities, the data removal remained overlooked, or maybe postponed? Most of the Organizations have by now documented data retention policies and have a good idea about how long they can keep the data. Data retention starts when one of the following scenarios happen: The initial purpose for data collection and processing has expired. Usually, a product or services contract with an individual has expired, an insurance policy has expired or individual stopped using a product or a service…
Download the papers
Companies today operate in an environment where they need to quickly grasp the sheer volume of the …
Data processing inventory is in the heart of every privacy program because it all starts with under…
Privacy programs are yet to be established in many organizations and require further encouragement …
Companies today operate in an environment where they need to quickly grasp the sheer volume of the data they process and the importance of data processing.
Data processing inventory is in the heart of every privacy program because it all starts with understanding and recording personal data processing within the Organization.
Privacy programs are yet to be established in many organizations and require further encouragement from the management. We shared 5 basic steps for a successful privacy program that will help you within the organization.
What do you have to take into account when managing privacy risks? Can you really avoid all risks? Might there be another, better, approach to coping with risks?
Request a Data Privacy Manager demo
Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.
Services
Menu
Resources
Menu
Latest blog posts
Latest blog posts