easyGDPR standard
The following tasks can be performed with easyGDPR Standard:
DSGVO Requirements Analysis/DSGVO Quickcheck
By asking short, targeted questions, you can find out your DSGVO status in just a few minutes. This status gives you the basic information about what measures are necessary to become DSGVO-ready.
Processing directory
With easyGDPR Standard, all processes that record personal data are recorded. Many templates make the capture particularly efficient. This shortens the time needed for preparation and prevents important procedures from being forgotten.
In addition, industry-specific templates are also available, here many processes are already pre-filled. This makes the creation of the processing directory according to the GDPR a breeze.
Risk analysis
A risk analysis can be written for each processing with easyGDPR Standard. This function shows the risk associated with the collected data. A distinction is made between how high the risk would be if
- the data would be temporarily unavailable,
- the data would be permanently lost or
- the data would be stolen or published on the Internet.
A separate risk assessment can be made for each of these items. If data of special categories (sensitive data, such as health data, biometric data, religious affiliation, etc.) is processed, you should conduct a data protection impact assessment in accordance with the GDPR. The data protection impact assessment replaces the previously mandatory notification to the Data Processing Register (DVR). If you are unsure whether or not you need to conduct a data protection impact assessment, please contact a GDPR expert or take advantage of our GDPR advice.
Order processing contract
If the collected data is transferred to a service provider, the General Data Protection Regulation requires you to conclude a data processing contract with this company. In easyGDPR you can document whether the contracts have been concluded or not.
easyGDPR Standard also allows you to create the appropriate order processing contracts automatically. This will save you not only time, but also costs for lawyers, etc.
Catalog of measures
In the catalog of measures, you document in four categories which measures have been taken to ensure data protection. These steps are automatically included in the GDPR documentation.
Security
You will be asked what measures have been put in place to minimize the risk of data theft. This involves documenting not only IT security measures, such as whether a firewall and virus scanner are in place, but also organizational measures, such as the presence of alarm systems and access control systems.
Confidentiality
Use the form to document how data is protected from unauthorized access. In addition to questions about password policies and administrator rights, the handling of waste paper (e.g. whether data shredding is available) is also documented.
Integrity
Data integrity describes whether the existing data is correct and whether it is traceable whether data has been changed. easyGDPR queries whether your systems log the entry, deletion and modification of data. This is the only way to ensure that the data used has not been manipulated.
Availability
Data availability is an essential point so that companies can access the data they need when they need it. You can specify whether various measures have been taken (fire extinguishers available, uninterruptible power supply, etc.) to ensure data availability. Furthermore, the backup strategy used is also documented.
Management of requests from affected parties
The GDPR gives every EU citizen the right to know what personal data a company has stored about him/her. Upon request, this data must also be deleted(right to be forgotten) if no other legal regulation exists (documentation obligation, retention obligation, etc.). With easyGDPR Standard, you can manage such requests and thus maintain an overview and prevent legal disputes caused by unanswered requests.
Advantages of easyGDPR Standard at a glance
- Create detailed documentation with little effort
- Various templates speed up the documentation process
- Consideration of the Austrian and German data protection laws
- Optimized for DSGVO implementation for medium and large businesses with only one location
- Creation of order processing contracts according to DSGVO, no lawyer necessary
- PDF export of your documentation
- Fast adaptation to changes in business processes