GDPR demand analysis/GDPR Quick Check
By the use of short, specifically asked questions you are getting to know your GDPR status in just a few minutes. This status provides you with the essential information about what measures are necessary to be GDPR ready.
Record of Processing Activities (ROPA)
You can capture all processes where you are collecting personal data with easyGDPR Standard. Many templates make the acquisition especially efficient. That reduces the duration of the creation of the ROPA and prevents that important procedures are being forgotten.
Moreover, branch-specific templates also exist, and many processes are already filled out. With that the record of processing activities according to the GDPR is a piece of cake.
You can conduct a risk analysis for every processing activity with easyGDPR Standard. This function shows you what risks are posed to the collected data. You can assess how high the risk would be, if
- data is not available temporarily,
- data is lost permanently or
- data is stolen or published on the internet.
For each of these points a separate risk assessment can be made. If you are processing special categories of data (sensitive data like health data, biometric data, religious affiliation, etc.), you should perform a privacy impact assessment according to the GDPR. You have to be able to provide these privacy impact assessments if requested by the ICO. If you are not sure if you have to perform a privacy impact assessment or not, please contact a GDPR expert or utilise our easyGDPR consulting.
Agreement concerning data processors
If you are transferring the collected data to service providers you have to conclude an agreement concerning data processors according to the GDPR with this organisation. With easyGDPR you can document if these agreements have been concluded or not.easyGDPR Standard allows you to create the suitable agreements concerning data protection automatically. By this you are not only saving time, you are also saving costs for solicitors, etc.
In the measures catalogue you can document in four categories what measures you have set to ensure data protection. These steps will be included automatically in your GDPR documentation.
easyGDPR will ask you what measures you have taken to reduce the danger of a data theft. Here you can not only document measures in the IT security area, like if you have a firewall and a virus scanner, but also the organisational measures, like the existence of alarm systems and access control systems.
With a form you can document how data is being protected from unauthorised access. Alongside questions about password guidelines and administrator rights, you can also document your dealing with old files and documents (e.g. the existence of a data shredder).
Data integrity describes if the existing data is correct and if it is comprehensible if data has been altered. easyGDPR asks you if you are logging the input, the deletion and the alteration of data. Only with this measure you can ensure that the used data has not been manipulated.
The data availability is an essential point for organisations to access the necessary data whenever it is required. You can also state if measures have been taken (like the existence of a fire extinguisher, uninterruptible electricity supply, etc.) so that the availability of the data can be guaranteed. Additionally, you can also document your used backup policy.
Data Subject Requests Management
According to the GDPR, every EU citizen has the right to know what personal data an organisation is saving about them. By request this data must be deleted (right to be forgotten) if no other legal regulations applies (documentation obligation, obligation to preserve records, etc.). With easyGDPR Standard you can manage this kind of requests, keep track of them and prevent litigation from not answered requests.
Advantages of easyGDPR Standard at a glance
- Create an extensive documentation with little effort
- Sundry templates accelerate the documentation process
- Consideration of the UK Data Protection Act
- Optimised for the GDPR implementation for medium-sized businesses and large firms with only one location
- Creating agreements concerning data processors according to the GDPR without the help of a solicitor
- PDF of your documentation
- Quick adjustment in case of changes of the business processes