GDPR Governance

Is your company ready to comply with the data protection regulation?

Looking for a proven path to ensure GPDR compliance?

Do you want a continued governance solution?

Do you need an independent solution that doesn't condition the several areas and is compatible with other existing tools?

GDPR Governance is the compliance solution you are looking for!

What does the tool allow us to do?

Announce the role and name of the DPO and publish the Personal Data Protection Policy

Officially appoint the DPO, that must have the necessary competencies to perform the role
Write and publish a simple, perceptible personal data protection policy, that’s in-line with the business model
Personal Data protection is a goal of the entire organization

DPO

Awareness

Identify a strategy and plan a privacy and awareness project

Define a strategic objective for processing personal data
Define a project calendar with the DPOs tasks
Involve all critical areas (HR, IT, Financial, Legal Risk Management and Audit)
Define an awareness plan with a legislation guide, brochure and online training

Identify and record personal data operations

Our organizations collect and treat different types of personal data, so it’s important to ensure that the inventory of the existing data is done correctly, as well as of its treatment and the registration of actions and protective measures
Have a clear approval process , with evidence of approval in "workflow"
Guarantee the lawfulness of the treatment through the consent of the holder, in accordance with the law
The registration of these activities is in the basis for the legal validation of data protection measures and evidence of governance

Personal Data

Transparency

Identify Individual Rights and Transparency

Individuals have the right to be informed about data and categories of data processed, recipients of data or categories of recipients, retention period and treatment criteria. Materializing:

Right of access
Right to be informed
Right of rectification
Right to erasure
Right to restrict processing
Right to object
Right to data portability
Opposition to automated decisions and profiling

Privacy by design, privacy by default, PIA e DPIA

Implement a process with adequate technical and organizational measures to protect personal data during the development phase of a product (privacy by design)
Ensure that controllers only process the required data in a secure and adequate manner (privacy by default)
PIA and DPIA are risk management and analysis tools that allow an assessment of processing operations to ensure the rights and freedoms of data subjects and identify technical and administrative protection measures

Privacy

Monotoring

Manage compliance, risk and monitor

One of the biggest changes is related to compliance which imposes the correct application of the principle of "accountability." Controllers and processors are now required to demonstrate their own compliance, so organizations have to implement accountability processes and have a proper track record of activities
In summary, it is expected from the regulator's point of view that organizations have evidence of implementing a compliance culture far beyond tick-box compliance
Involve all critical areas (HR, IT, Finance, Legal Risk Management and Audit)
GDPR requires controllers and processors to maintain a record of processing activities in writing and to demonstrate governance and the implementation of the appropriate measures

GDPR Maturity Model

Level 1

Inicial

Ad hoc Processes

Know the legislation

Level 2

Development

Leadership

Named DPO

Initial awareness-raising

Level 3

Defined

Initial plan design

Data Protection Policy

Departmental accountability awareness

Level 4

Managed

Definition of data collection and elimination processes

Definition of third-party treatment (subcontractor)

DPIA Risk Analysis

Technical protection measures

Monitoring

Level 5

Optimized

Embedded risk culture

Individual responsibility

Continuous improvement cycle

Response to Data Breach security incidents

Recuperation plan

Demonstrate compliance