GDPR demand analysis/GDPR Quick Check
By the use of short, specifically asked questions you are getting to know your GDPR status in just a few minutes. This status provides you with the essential information about what measures are necessary to be GDPR ready.
Record of Processing Activities (ROPA)
You can capture all processes where you are collecting personal data. Many templates make the acquisition especially efficient. That reduces the duration of the creation of the ROPA and prevents that important procedures are being forgotten.
Moreover, branch-specific templates also exist, and many processes are already filled out. With that the record of processing activites according to the GDPR is a piece of cake.
You can conduct a risk analysis for every processing activity with easyGDPR lite. This function shows you what risks are posed to the collected data. You can assess how high the risk would be, if
- data is not available temporarily,
- data is lost permanently or
- data is stolen or published on the internet.
For each of these points a separate risk assessment can be made. If you are processing special categories of data (sensitive data like health data, biometric data, religious affiliation, etc.), you should perform a privacy impact assessment according to the GDPR. You have to be able to provide these privacy impact assessments if requested by the ICO. If you are not sure if you have to perform a privacy impact assessment or not, please contact a GDPR expert or utilise our easyGDPR consulting.
Register for data processors
With easyGDPR you can create a register for your data processors. If you are transferring your collected data to service providers you also have to conclude an agreement concerning data processors according to the GDPR with these organisations.
In the measures catalogue you can document in four categories what measures you have set to ensure data protection.
easyGDPR will ask you what measures you have taken to reduce the danger of a data theft. Here you can not only document measures in the IT security area, like if you have a firewall and a virus scanner, but also the organisational measures, like the existence of alarm systems and access control systems.
With a form you can document how data is being protected from unauthorised access. Alongside questions about password guidelines and administrator rights, you can also document your dealing with old files and documents (e.g. the existence of a data shredder).
Data integrity describes if the existing data is correct and if it is comprehensible if data has been altered. easyGDPR asks you if you are logging the input, the deletion and the alteration of data. Only with this measure you can ensure that the used data has not been manipulated.
The data availability is an essential point for organisations to access the necessary data whenever it is required. You can also state if measures have been taken (like the existence of a fire extinguisher, uninterruptible electricity supply, etc.) so that the availability of the data can be guaranteed. Additionally, you can also document your used backup policy.
Advantages of easyGDPR lite at a glance
- Small aboriginal cost
- Create an extensive documentation with little effort
- Sundry templates accelerate the documentation process
- Consideration of the UK Data Protection Act
- Optimised for the GDPR implementation for one-person-enterprises, small and medium sized organisations (SME)
- PDF of your documentation
- Quick adjustment in case of changes of the business processes
- If required, we are also offering easyGDPR in combination with our workshop
You can order easyGDPR lite at our online store.