Purpose of the GDPR module
The module aims to support the administrative and analytical activities of GDPR and to integrate these tasks consistently into our information security management system. It also aims to facilitate and maintain the responsibilities of demonstrating compliance. Supported GDPR activities:
- Records of data processing activities
- GDPR compliance gap analysis and remediation planning
- Performing data protection impact assessment with risk treatment
- Data protection incident registry
Records of data processing activities
The basic documentation requirement of the EU 2016/679 GDPR regulation is the record of data processing activities. In order to demonstrate compliance with GDPR, the data controller or data processor shall keep a record of its data processing activities. In the SeCube inventory, we support the registration of data processing activities and personal data sets with GDPR-required attributes (such as legal basis, purposes, etc.) and integrate them with the organization’s asset and operational model. We can link data processing activities, data sets, IT systems and other resources, represent them graphically, and run ad-hoc simulations on this data management model.
GDPR compliance assessments
In the module we can perform audit surveys. The GDPR module includes a GDPR audit package with more than 260 requirements, compiled and continuously developed based on KÜRT consultancy projects. The audit package is a systematic extract of the requirements of the EU 2016/679 GDPR regulation and also contains additional best practices and data security requirements. The audit package can be customized by the organization, which enables it to conduct detailed compliance status surveys. For revealed findings, remediation actions can be prepared, with future forecasts and reminder emails. By maintaining the audit results we get a continuous overview of our GDPR compliance status and can generate GDPR compliance reports as needed.
Data protection impact assessment
For data processing activities with high risk, the data controller shall carry out a data protection impact assessment. This assessment is a data protection risk analysis focused on personal data. The GDPR module supports the execution and continuous maintenance of this assessment. During the analysis we can evaluate our existing organizational and technical protection measures against data protection-focused vulnerabilities and threats, then pair them with potential data subject impacts and business loss. We can make a risk treatment plan for data protection risks, with future forecasts and email reminders. At the end of the process, a comprehensive Data Protection Impact Assessment Report in Word format can be generated on demand, which includes:
- records of data processing activities
- description of the methodology used
- execution of the assessment
- the revealed data protection risks
- risk management measures
GDPR action plans
We can write and maintain action plans with forecasts for our existing audit findings and data protection risks, and set up email reminders for those responsible. By tracking the defined measures we can maintain an up-to-date set of deliverables demonstrating GDPR compliance, and can generate current reports on demand.
Recording of data protection incidents
We can keep a record of our data protection incidents in an auditable way.
- Register of data processing activities
- GDPR compliance audit report with action plan
- Data protection risk list with risk management plan
- Data Protection Impact Assessment Report with risk management plan
- Data protection incident registry