umschalten auf

EasyGDPR

Approaching GDPR can be very difficult. Our mission is giving you the tools and resources to make the process as easy as possible.

Here is how we can help you:

  • booksGDPR Resources
    EasyGDPR delivers a cross referenced version of the original GDPR text and blog articles around GDPR. This is a free resource to make it easier for you to stay informed and prepared.
  • icon-clipboard-check
    The first step - beyond learning about GDPR - is to assess where you are and what you need to do.
    You can hire experts to handle the whole process. Our expert network helps you find the proper people. However having experts handling everything is quite expensive. We want to empower you through a self-assessment with our easyGDPR Online Assistant. The Online Assistant will guide you through several questionnaires. Your answers are automatically evaluated. Based on your answers the system triggers more questionnaires until a clear picture on your current status is achieved.
    Our GDPR Assessment Engine evaluates your answers and gives you immediate feedback on risks and suggested tasks. The result is shown in an easy to understand dashboard. This will immediately help you see risks and choose what to do to be compliant.
    There will be several versions available to match your needs. We also plan industry specific versions.
    Some questions may be too technical/specific/... for you to answer. easyGDPR allows you to assign sub questionnaires to subject matter experts as needed. This can be your network administrator, software vendor, your lawyer or a GDPR expert. This makes the process very streamlined and easy.
    Self-assessment cannot replace experts. But it will make you well prepared so you can use expert time very effectively. You don’t need to pay experts to take you through steps you CAN do by yourself.
    GDPR requires you to prove you did what is feasible to be compliant.( GDPR Article 5 Paragraph 2) easyGDPR also gives you an audit trail about all considerations on your way to become compliant. We guide you through all areas you should consider. This is proof to the authority that you did pay attention to the law and did whatever you can to fulfil the law.
    read more more_horiz

  • school
    It is crucial to understand the implications of GDPR and to train your team to respond to GDPR requests properly. To make this easy we provide an Online Training platform where you can take free basic GDPR classes.
    On top of the free content there are in depth classes available.
    We also offer customized trainings for your employees. This way you can validate that your team knows what it needs to know to handle GDPR requests properly. Participation on the training can be monitored and quizzes verify knowledge.
    Our goal is to make sure your team will handle GDPR properly. The damage of bad GDPR handling is severe. See ( GDPR Article 83 Paragraph 2)

  • hammer-wrench
    Our experts are available to help you personally.
    Our team has 25 years of experience on data integration and analytics.
    We can help you find personal data in legacy source systems, help you implement data retention policies, integrate your data, check your system settings, validate security and much more.

    Apply for a free consultation

  • Expert Network
    We have a network of
    • GDPR consultants
    • Database experts
    • Firewall and network security experts
    To connect you with people who can help you go through the process and fix and change what needs to be changed.

    Apply for a free consultation

  • usersb
    read more more_horiz

    Data Subject Communication

    GDPR gives data subjects the right to
    Everyone has the right to ask IF you have stored their data. Not answering within a month gives the data subject a right to file damages. They also can file complaints to the GDPR authority.
    The challenge here is that EVERYONE has the right to ask IF you have their personal data. You may (and probably will) get a LOT of GDPR requests from data subjects where you do not have any data at all.
    As mentioned above - not giving correct answers can easily trigger damage claims and expensive lawsuits.
    This is a toxic risk for most companies.
    Manually handling these claims and answering each of these requests is a huge manual labor. You actually have to check all potential data sources from email store to mailing list, phone protocol,  ERP System, ... to give a proper answer.
    Integrating all potential personal data in one place to be able to answer these requests may sound compelling but can violate the GDPR principle of data minimisation. It also creates a complete profile of each data subject and for that you would need a DPO just for this profiling. And this data silo is another single point of failure for data breaches. That's why - in most cases - the answer to this problem is not just creating a complete central data subject repository.
    Our solution for data subject interaction aims to give you
    • Online access to the general information about your data processing
    • An online tool to check IF data about a data subject is stored
    • Automatic data subject identification
    • Optional automatic personal data delivery
    • Optional automatic data correction and deletion requests
    While you have following benefits:
    • NO effort for your company handling requests IF data is stored
    • NO personal data is duplicated (no additional risk for data breaches)
    • NO critical data subject profile is created
    • NO requester needs to access your network directly (keeping your network safe)
    The most critical piece is to protect your company from floods of GDPR requests by people who are not even stored in your databases.
    If requests from actual data subjects create a large workload we can automate the actual personal data delivery, rectification and deletion.
    To achieve this we invented a technology in cooperation with the Vienna University of Technology to collect anonymous information about data subjects from all your data sources and to collect this information (a hash code and what type of info you have) on a cloud system. This system will verify data subjects identities by email or phone (more methods to follow) and gives them feedback if their data is stored.
    If this system is hacked or a data breach would occur the data found there is worthless. There are only hashcodes of email addresses and phone numbers that cannot turned back into the original addresses and numbers. This makes the whole system easy to use and safe. In the Enterprise Edition 100% of the system can be adopted to match your company's individual needs.
     
    read more more_horiz

GDPR in Norway – Personal Data Act

GDPR in Norway – Personal Data Act GDPR starts to pertain within the EU at 25th May 2018. Since Norway is not an EU Member, GDPR in Norway is not directly effected. However Norway is a member of the European Economic Area (EEA) and gets GDPR in place a …

by as on 04/09/2017

Free GDPR Roundtable Event in London

Free GDPR Roundtable Event in London April 26th, 5pm-7:30om at WeWork OldStreet, London Significant changes have been long overdue but now are imminent – The EU General Data Protection Regulation (GDPR) goes live 25th May 2018. This new legislation represents the most wholesale changes in privacy and data protection regulation since digital collection began. This regulation came about after more than four years of deliberations and negotiations and will impact all levels of organisations worldwide. With the penalties reaching an upper limit of €20 million or 4% of annual global TURNOVER the time to act is now.

by as on 14/04/2017