GDPR

General Data Protection Regulation

You collect or process personal data, i.e. “any information relating to an identified or identifiable individual.”

You carry out operations involving personal data (collection, registration, organization, conservation, adaptation, modification, extraction, consultation, use, communication by transmission or any other form of provision, reconciliation).

You want to take steps to ensure that this data is used in a way that respects the privacy of the individuals involved.

You are wondering if having a data protection representative in your organization is mandatory.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). As the GDPR is a regulation and not a directive, it is directly binding and applicable, but certain aspects of the regulation can be adjusted by the individual member states, when they implement it into national law.  

The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business. The regulation contains a number of provisions and requirements related to the processing of personal data of individuals located in the EEA. As one of the toughest privacy laws, the GDPR imposes obligations on organizations anywhere in the world, as long as they target or collect data related to people in the EEA, regardless of the citizenship of these individuals.

This solution will provide your company guidance on how to become and stay compliant with the GDPR.

Use our platform to comply with GDPR

1. Controlling the governance of your organisational personal data

  • Unlimited users and profiles.
  • Tutorials for self-learning the solution.
  • Premium online support.

2. Training and Awareness

You have to develop a culture of compliance in your organization and respond to the constant changes imposed by regulatory updates. For this, we offer you access to a training register associated with e-learning courses concerning the GDPR.

3. Records of data processing including GDPR by design

You need to create a registry of data processing. For this purpose, we give you access to 55 000 pre-identified data processing operations for 700 industries, and you can define your own registry format while benefiting from advanced filters. You can also define reproducible models for all or part of the legal entities you manage.

For your future projects, the GDPR by design module allows you to organize your internal processes and ensure that data protection is taken into account at all times.

4. Gap Analysis, Action Plan, Automated Privacy Impact Assessment with Collaborative Compliance Management

Save time by sending evaluation questionnaires to the persons concerned. Their answers are automatically analyzed, giving you within a few hours compliance gap analyses, modifiable PIAs, and automated action plans with pre-filled, modifiable recommendations. Then manage compliance actions in collaborative mode to update your documentation in real time.

5. The management of third parties

Once you have implemented your compliance, you need to ensure the compliance of your processors. Our solution assesses the risk of each processor through cyclical controls and modifiable questionnaires that can be adapted to several regulations and internal processes (Anti-corruption, Cyber, …) and to several departments (HR, technical, purchasing, etc.). You will have a global view of the level of compliance and risk that your third-party contractors pose to you, and access to records of deviations. If you have secondary subcontractors, our solution integrates them so that you have a complete view of your entire subcontracting chain.

6. Data breaches

In case of a data breach, our solution guides you through all the steps, possibly up to the control authorities. You will be able to record the incident (its qualification, the third parties involved, the degree of severity, the measures to be put in place, the notifications of the DPO, the persons concerned, the evidence and the task management) and obtain with a click the information to be transmitted to the authorities.

7. Requests for exercising rights

Rights requests are either manually entered, created from a form, or retrieved from your emails. You can notify stakeholders based on customizable email templates to confirm that they have received and executed the requests, and if necessary to automatically restart them. For internal data, our optional Smart Forensic solution lets you identify the person’s data and automate requests from start to finish until anonymization.

We manage cookie consent by generating a script to integrate on the site and you can update it and save it in your own database.

8. Documentation

We offer you access to a library of pre-filled, editable document templates. You can also import your own documents and insert them into your own document center. Your colleagues will know where the latest file is.

9. Certification and national and European legal watch

You will choose a standard and a process to be audited: we will convert the existing documentation to the format of the chosen standard and complete it so that you can obtain your certification. Our solution works for Europrivacy and ISO 27001.

When you choose Europrivacy, we inform you of changes in the regulations and of the means to put in place to comply if you are no longer compliant, thanks to our Europrivacy accreditation, which gives us access to the evolutions of the GDPR, to the national specifications, to the jurisdiction and to the new recommendations of the control authorities.

10. Internal audit and control

Our solution allows you to build a database of evidence to prepare your audits in the form of collaborative checklists.

11. Data Protection Officer

The Data Protection Officer has extraordinary means of synthesis and action for all the subjects he deals with. He can automatically create his annual reports in his compliance interface and monitor the compliance status of the entities he supports.

Smart Global Governance solutions can be activated independently of each other depending on the level of compliance you want to address.

Additional benefits

Smart Global Governance is the operational software solution that automates key processes in Ethics, Compliance and Controls. It can be used for implementation and compliance management with all local and international regulations as well as internal controls and procedures.

Requirements
Up-to-date browser, internet access.

Recommended Association(s)

  • Smart Retention Duration: helps define data retention policies in 80 countries.
  • Smart Forensic: automatic discovery to compile and keep processing records and to verify the proper application of international transfer rules or data retention policies.
  • Preparing for Europrivacy
  • Preparing for ISO 27001 / 27701 certification.

Compatibility

  • Can operate as a main solution or as a complement to an existing solution.
  • All Smart Global Governance Solutions.