The topic data protection is especially delicate for corporations. As a result of the digitisation software has been developed and bought but there is no central data storage and normally no data lifecycle management. The legislator has now introduced clear statutory provisions with the GDPR and raises the data protection level heavily. Without measures and external support these demanded provisions cannot be implemented.
easyGDPR is the solution for your data protection problems. This online software enables you to manage all data protection relevant topics. Alongside the easyGDPR software you are also getting comprehensive data protection consulting and support for the implementation of the technical measures with the Enterprise edition.
GDPR Quick Check
An up to date data protection status will be created in just a few minutes for every location through specifically asked questions. Here you can see what measures are necessary on site to meet the requirements of the GDPR at the best.
Risk analysis and GDPR privacy impact assessment
The most frequent risks in an organisation in relation to data protection and data safety is being analysed in the standard risk analysis. You are getting the result for each location shown on screen and you can arrange the necessary improvement activities for all location, central with easyGDPR.
You are not only processing normal personal data but also sensible data, like biometric features (fingerprint lock on your business phone, access controls) with a high risk for the data subjects? The privacy impact assessments are not a new concept, but the use of them was not mandatory under the UK’s Data Protection Act 1998. However, under the changes in the GDPR, the use of impact assessments has been made more explicit and will be compulsory in certain circumstances. This detailed risk analysis can be created for each location central with easyGDPR. If the process changed you can enter the alterations quickly and easily and then generate your privacy impact assessment newly.
GDPR Record of Processing Activities (ROPA)
Each process that saves resp. processes personal data has to be documented explicitly and included in the so-called record of processing activities. This documentation has to be provided to the data protection authority on demand, if not the risk of high fines exists. The penalties of the authority can be up to 4% of your organisation’s annual global turnover.
Creating such a record of processing activities can take up many days resp. even weeks in big organisations. Besides, the documentation has to take place at every location. With easyGDPR you can reduce the effort to only a few hours, thanks to intelligent creation via generator.
The program already has a wealth of templates available, which you can cover most processing activities with (e.g. emails, contact forms, payroll accounting, CRM, etc.). By that you are saving precious time and are simultaneously ensuring that no processing is being forgotten. The documentation can be created without prior knowledge by specifically asked questions and will be generated in the asked form.
If you are adjusting your business processes you can also update the proper documentation, at the click of a mouse – it’s that simple with easyGDPR.
GDPR data processors
If you are transferring personal data to a partner company resp. a service provider, these two would be considered as data processors according to the GDPR. Each data transfer to external organisations has to be documented. Simultaneously, a contract with these organisations compulsory concluded. This contract specifies and regulates the data processing. Otherwise this data transfer is illegal and is penalised by the data protection authority with a fine.
In this day and age, personal data is being transferred to a wealth of service providers, for example:
- Accounting data to auditors
- Customer addresses to parcel services resp. forwarding agencies
- Marketing data to advertising companies
- Customer data to independent representatives
- Customer data and account data to debt collecting agencies
Each of these data transfers is only valid with an agreement concerning data processors and you also have to document it in your data processors register.
With easyGDPR the management of your data processors is a piece of cake. You just state what data is being transferred to what service provider and easyGDPR creates the appropriate documentation automatically. The software also creates the appropriate GDPR agreement concerning data processors for that service provider automatically. With that you’re not only saving time, but you also can save costs for solicitors.
Data protection tasks
You already have an internal data protection officer (DPO)? With easyGDPR your DPO can centrally manage all tasks on the subject of data protection and data safety and your DPO can also keep track of these tasks. You can optimally manage, update and assign everything with easyGDPR, whether it is appointments, deadlines or responsibilities. Decisions on the subject of data protection can be documented immediately in the program, so that it is comprehensible at any time.
Data subject requests
The GDPR grants every data subject the right of disposition regarding their personal data. By request this data must be deleted if no substantial cause is opposed to this request. In big companies these requests can draw from personnel resources. With easyGDPR Standard you get the opportunity to mange these requests centrally and save time due to the simplified management.
Our Enterprise edition is the solution for exposed major corporations. It is geared to the need of these organisations, easyGDPR Enterprise fulfils the demands of a modern data protection according to the GDPR. The advantages are numerous, for more information please contact us.
Automation of data subject requests
Processing the data subject requests can be time-consuming and cost-intensive even with a central management. Manually processing is especially crucial if the personal data is being saved independently of each other in several departments. The enormous effort is only reducible through appropriate automation, today’s systems are not designed for this requirement and fail because of that. The solution is easyGDPR Enterprise. You can answer the data subject requests automatically even if the data is spread across several departments and locations.
Data Lifecycle Management
The GDPR stated very plainly that data is only allowed to be saved and processed for the actual intended usage. If the data is no longer needed, it must be deleted. Often it is not clear what data is still needed. A Data Lifecycle Management for the efficient management is necessary therefor. You are getting a suitable solution to manage data over the entire lifecycle with easyGDPR Enterprise – completely in the sense of the GDPR.