Our aim here at GDPR Systems is to make your data protection life a LOT easier.
We do this by taking you through a process which ticks most
of the boxes designed to enable you to demonstrate, evidence and manage all of
your GDPR responsibilities.
Ultimately we aim to ‘Make Complex Simple’.
What Do Our Systems Offer You?
A key part of the GDPR is knowing where personal data sits
in your organisation. Our OFFICE system enables you to create comprehensive
asset lists of both digital and non-digital assets which serve as the bedrock
of your data protection accountability. For CCTV the system enables you to
document all of your cameras and storage devices (NVR/DVR) in a simple and
Understanding how personal data flows through your
organisation is a critical component of the GDPR and for most of our clients it
is the most challenging!
With our systems you will be able to document where you get
your personal data from, where it goes internally and ultimately where you send
it thereby understanding in great detail the complete eco system of data flows
that your organisation undertakes.
Assets are key – but your people are more important. Both OFFICE and CCTV systems enable you to document all personnel who have access to personal data both inside and outside of your organisation. We then ask you to assign each person to the relevant asset as this ensures that you have a record of accountability which can easily be traced should the need arise.
Knowing what personal data you process is absolutely critical to your GDPR accountability and transparency. You will be able to assign which personal data is linked to each asset AND tie it in with the relevant person that has access to it.
For each use of personal data you are required by law to
choose an appropriate lawful basis in order to process correctly. Our systems
enable you to choose simply and easily which basis you deem as the most appropriate
– and then provide evidence of this choice.
Digital Security Gap Analysis
Knowing where to focus your attention is key to your ongoing
data protection responsibilities. Our simple traffic light system enables you
to see at a glance where the key security issues lie thus enabling you to
prioritise which of your systems need immediate attention.
If your organisation is a data processor or joint data
controller, you will be required to evidence that you have all relevant
contracts in place with your data controller.
If you are a data controller you will need to be able to
evidence that you have documentation in place which informs all of your suppliers
what you expect from them and/or what they have in place from a GDPR perspective.
Our systems enable you to upload the relevant contracts for your ease and convenience.
For ease of reporting to senior management or your
supervisory authority we have created 3 reports for your benefit.
Accountability – Engaging with the GDPR creates
a lot of information – this report distils that information into relevant
summaries of the key information required – it identifies your inbound and
outbound data flows and includes each use of personal data, which data is
included, your purpose for using it, your chosen lawful basis, your retention
period and where you send the data.
Gap Analysis – being able to see at a glance
where the gaps are in your OFFICE system as a whole is critical to the smooth
ongoing management of your GDPR responsibilities. Our Gap Analysis report
enables you to see which assets need attention, which personnel need assigning
and which personal data fields need attention.
Personal Data Locator – when a request for
information comes into your organisation, you need to be able to move quickly to
answer the request or question. The Personal Data Locator report will tell you
where each type of personal data that your organisation processes is held or
used. This could be on an asset or in a data flow. You can also choose to only
find data that relates to children should you need to.
– One of the key responsibilities that your organisation has is to have up to
date relevant policies and procedures. Each of our systems gives you bespoke documentation
which includes a breach management policy and procedure, subject access request
documentation is updated automatically as you use the system so you don’t have
to worry about trawling through old paper documents to try and update them
Upload – Of course you may have already spent lots
of money on having your own documents written so we give you a place to store
all of your relevant data protection documentation so that you don’t have to
move the water cooler to find the policy you are looking for!
There are different people with different levels of access
to personal data within your organisation. Some will need access to your OFFICE
or CCTV GDPR System and others won’t even know it exists! We don’t want you to
be hamstrung by this, so you have the opportunity to add unlimited users to
enable you to demonstrate full transparency and accountability. You can even
add outside suppliers to the system (IT company for example) so that they can
populate the system with the information you pay them to know and then you can
delete them afterwards.
Bespoke Management overview Facility
If your organisation has many different locations or departments
it represents a data protection management nightmare. This system enables your
DPO or organisations lead on data protection to access, view and report at a
granular level on your organisation as a whole whilst being able to drill down
to each site’s specific progress with their data protection responsibilities.