compliance software, data protection, GDPR regulation, automation - GDPR Auto Aqubix
GDPR Auto Features
Embedded
Legal Audit / GAP Analysis
Upon first initialisation, with the definition of a main organisation, the platform presents a full legal audit covering the processes, data, classes and types being processed and/or controlled, automatically tailoring a bespoke configuration based on the responses submitted. The responses to the legal audit provide a full GAP Analysis report highlighting all the aspects that the company needs to start working on in order to achieve GDPR compliance. The report is a detailed list of actions tailored purely to the answers of the audit itself.

At this stage, if it is determined that any internal policies inherent to the data types being handled are missing, the system will make available all legal documentation in templated text document formats enabling the achievement of full compliance.

Additionally, with the definition of the various data subjects being processed or controlled, GDPR Auto further reconfigures options available, providing additional audits relative to each of the predefined data subjects.

The audits themselves allow for full version control, keeping an audit of all past reviews and GAP Analysis reports. This legal audit is derived directly from the requirements set forth in GDPR and provides the building blocks for the ongoing governance of the Regulation. GDPR Auto subscribers may additionally benefit from specialist legal assistance as included with the package purchased.
Data Maps
What the General Data Protection Regulation refers to as the mapping of data processes can be one of the most cumbersome tasks to manage within an organisation.

GDPR Auto provides a tool at data subject level to allow an organisation to map all the data elements that are stored across the organisation. This tool allows you to map data held in systems, in physical locations, and any other medium into one dashboard. The Data Mapping tool also allows you to define the location of each respective data set together with the owner managing that location.

Keeping this data map updated for all your subject data allows GDPR Auto to automate all client requests in the most efficient of ways. Automated workflows with system owners simplify the management of such processes whilst auditing all the required actions being carried out within the respective time period.

The data map also allows the user to define the internal policy of data retention at field level, allowing an organisation to tailor the system to its bespoke needs whilst reducing the risk it runs by withholding data on subjects.
Individual Subjects / Centralised Personal Data Audit
With the system fully configured, following the completion of audits, definition of data classes, field location of data types held and internal resources responsible for their management, GDPR Auto allows for individual subject entry to be executed either manually or via API connection to existing data repositories.

GDPR Auto comes complete with fully documented APIs and can read and write to/from any existing data repository, allowing for the bulk linking of subjects and data held.

Alternatively, for smaller organisations or where data is fragmented along multiple electronic and physical locations, GDPR Auto further allows for manual input and editing.

GDPR Auto does not store any personal data other than the subject’s name and surname, email address and mobile phone number – the latter two fields being fundamental for subject verification whenever interaction requests are initiated.

Having previously identified all data fields being stored for each subject and their electronic or physical location, GDPR Auto will, at this stage, create a data map, linking individual subjects with data and their repositories.

Upon subject creation, the platform will additionally audit the legal grounds for processing for all types of data held, indicating whether consent has been granted, together with the date and term validity of the same.

This centralised view of all the types of data held across systems, drillable down to a single subject, is in turn automatically fully audited, recording both internal entry modifications and subject-initiated interaction requests, allowing the organisation to demonstrate compliance with provisions set forth in GDPR.
Audited Re/Consent in bulk and single subject calls
Once subject data is mapped, GDPR Auto allows for individual and bulk opt-in consent acquisition, as well as regular/scheduled re-consent processes across all aspects of the data being held.

This feature enables the instant identification of what data is authorised for specific use, instantly excluding non-permitted utilisation. Equally, it manages the requirement for individual assent for purposes not yet contemplated and agreed to by the customer, ensuring full compliance with the legal provision.
Instant Servicing of SAR and Portability Requests
Beyond ensuring internal compliance for the management of data being held, GDPR Auto allows for instant servicing of subject-driven Subject Access Requests (SAR) and Portability Requests.

In aiding both the DPO and subjects alike, within GDPR Auto the process for initiating such requests has been built with extreme ease of use firmly in mind. Subjects will be requested to sign into a request form, wherein the data will be validated to avoid any incorrect requests. Once verified, SARs are delivered to the registered email address in PDF format with all data as specified by the DPO to be visible within such reports. Similarly, Portability Requests are also instantly served over email with an XML dump of all relevant information allowing subject data portability.

Executed either manually or via API-driven data polling, both subject-initiated requests are central to the provisions laid out by the regulation, and GDPR Auto ensures that timeframes as stipulated at law are strictly adhered to without further taxing and straining internal resources.
Instant Data Change and Termination Requests with 2FA
Within the GDPR, data controllers and processors are obliged to provide subjects with a means to update their data and ensure that whatever information being kept is correct.

GDPR Auto caters for this feature by providing subjects with a secure portal, bolstered by two-factor authentication, through which data can be managed and requests for updates can be communicated. Once reviewed by the DPO, such change requests are communicated internally over the platform to the previously specified data owners for execution and automatically reported back to the subject.

Through the same mechanism, GDPR Auto also allows subjects to send in termination requests instantly, triggering alert-based notifications when such requests have been submitted ahead of internal assessment for validity and compliance within stipulated timeframes. GDPR Auto offers four types of termination, namely:

DELETE – instantly sending a delete request to all system owners of the respective data subject. The system will then auto delete the record in question too, leaving no trail of the initial record.

ANONYMISE – whereby GDPR Auto instructs all system owners to replace all identifiable data with a specific randomised irretrievable key.

PSEUDONYMISE – a system that allows the retrieving of the original data on a subject through a key that the same subject is in control of. This allows for re-instating of past subjects upon their request.

INTERNAL ANONYMISE – an internal anonymising control to protect from the risk of storing data in view of any legal obligation that may subsist.

All inbound requests and internal processing interactions are automatically recorded in a tamper-proof, system-wide audit trail, ensuring tangible proof of compliance.
Central Dashboard and Notifications
Within the opening screen in GDPR Auto, the DPO is presented with a concise and visually clear graphic dashboard and notification panel, both features being invaluable in simplifying the workload required and simultaneously minimising scope for human error.

For immediate updates allowing for instant processing, within the notification panel, GDPR Auto displays filterable trigger-based alerts, inbound requests and review notifications, also delivered via email.

The central dashboard presents a host of aggregator charts notifying the DPO of the current snapshot of the status and timeframes of the data being processed, including:

Total subject count, split in subsets by type, as well as the total number of subjects past their retention with motivations for processing or lack thereof. Clicking through this chart the DPO can drill down to individual subject level and address any pending anomalies. This chart highlights one of the biggest risks in GDPR – data which you are keeping past retention with no valid ground of processing.

Total subjects, split by consent or lack of, and a drill-down chart of unconsented subjects further split by subject class and data type. Equally, in this instance, the DPO can click through to filter individual subjects and maintain full compliance.

The dashboard also provides the DPO with a dynamic tool to push subject driven requests to all system owners, having a constant visual cue on which processes are being fulfilled and which need working on.

The quarantine zone is another key feature within GDPR Auto and a vital safety measure to avoid risking any breaches within the process. This queue allows for the constant monitoring of data subjects who have pending requests in the system. Such a queue safeguards you from using data on such subjects until the request has actually been serviced internally.

Part of Mizzi Organization
© Aqubix Ltd. ALL RIGHTS RESERVED.