GDPR personal data inventory tool
We think that understanding where and how you process personal data at all times, through an efficient and simple personal data management solution, is the key to continued compliance. The essential step is to maintain a clear inventory of personal data processing in the organization. This means evidence of clearly defined purposes of processing, legal basis, IT systems involved, etc., for all types of personal data processed.
Our automated solution: the automated personal data inventory tool maintains a detailed database of all personal data processing, with a simple user interface and low cost. By performing data mapping ourselves, or using your existing Art. 30 reports, we tailor our automated personal data inventory tool for you, including:
Centralized storage of the database with customized user access rights
Easy updating of data
Avoiding new complex software implementation – our solution is based on Office 365, with no additional licensing fees
Watch our product video at the top of the page, and we will be happy to show you a demonstration.
Business Intelligence (BI) is a process of analyzing large volumes of data to enhance business performance by enabling end users such as corporate executives and business managers to make more informed business decisions.
The business intelligence market is likely to grow reasonably in the forecast period due to increasing adoption of cloud, growth of advanced analytics, adoption of data-driven decision making, and emergence of IoT-enabled technologies.
The modern business intelligence and analytics market is expected to grow 19% by 2020, according to a Gartner study.
Automated DPIA tool
Are you sure that you have sufficiently covered all the risks of personal data processing in your organization?
GDPR comes with a requirement to analyse the risks of personal data processing in a specific way: to perform data privacy impact assessments in line with GDPR Art. 35. Every data controller must first assess which of their existing or planned personal data processing operations require such an assessment, and then perform the assessment in accordance with the requirements of Art. 35.
We will provide you with an easy-to-use DPIA methodology with automated steps, including an assessment of whether a DPIA is required (based on WP29 and national regulator criteria). The added value for you is that it saves you time when performing and documenting a DPIA. We can provide you with our template automated tool, train you in performing the assessment, or perform the assessment for you, so that you can sleep soundly knowing your risks are covered, and you can clearly demonstrate compliance to the regulator.
Monitoring GDPR compliance
How do you tangibly assess GDPR compliance status so you can sleep soundly? Are there any areas for quick-fixes, or are there any serious gaps which could leave you exposed to penalties?
Instead of spending on developing a new methodology (e.g. by your internal audit), we can provide a ready-made work program, which can be tailored to your needs. This will enable you to identify potential risk areas, and transparently demonstrate compliance to the regulator.
PwC has developed an automated tool which can be applied by the DPO or internal audit to assess the status of GDPR compliance and identify remaining risks.
It includes checklist-style items and automated documentation steps with automatically evaluated responses. Content can be tailored to address your company policies, processes, etc.
Data erasure rules
The obligation to keep personal data only for the minimum necessary period of time, and subsequently to erase it, applies to all companies. How long should companies keep personal data? When does the retention period start for particular types of data? And is it even technically feasible to physically erase the data? Data controllers face a challenging task in addressing these practical issues and erasing data in accordance with GDPR requirements.
Based on our experience in personal data mapping and building on our personal data inventory solution, our team can help you to:
Identify legislative requirements for retention periods of personal data types in various geographies
Recommend retention periods for types of personal data where no archiving requirement exists
Prioritize IT systems for data erasure
Prepare data erasure rules for individual IT systems and for individual types of personal data
Data erasure rules are a set of clear rules stating at what point in time each type of data should be erased in an IT system.
Audit of data processors
In accordance with GDPR, the responsibility for compliance lies with the data controller. This applies not only in terms of possible penalties; the data controller is also liable in the eyes of the public, as the controller is the publicly visible entity. How can you obtain reliable information about whether data processing by the processor is carried out in line with security measures, and whether data breaches have been prevented?
An audit of the security measures implemented by the data processor, performed by an independent party, will ensure an objective assessment of the data processor.
We provide a standardized methodology for auditing personal data processors, which will save you time in performing and documenting the audits.
We also perform audits of selected data processors, and can train your staff in performing audits.
The outcome of each data processor audit is audit documentation and a findings report.