What are the cornerstones of a sound data protection management system?

The legal requirements of the GDPR include documenting data processing operations, managing and documenting commissioned processing operations, monitoring technical and organizational measures, authorization concepts, deletion concepts, conducting data protection impact assessments, handling data protection incidents, and communicating with data subjects. You can systematically organize these legal requirements with the help of our data protection management software.

Why can we save much time by creating a ROPA in the platform?

The creation of a register of processing activities is required by law. The structured design of a ROPA using the Priverion platform is fast and helps with legal certainty. Automatic updating, notices in case of legal changes, and the reusability of the documentation within the group of companies saves much effort.

How does the data protection platform support us in the event of data protection incident/data breach?

All steps taken by the company in the event of an incident are documented in the Priverion Platform. The deadlines for reporting to data protection authorities and affected persons are automatically monitored.

How does the platform support us with the legally required reviews and audits?

The Audit Management module supports you in continuously monitoring all elements of the data protection platform. Automated processes inform the person responsible for the element that a review has been performed.

How can we document and prove these audits?

A tool-based audit is conducted, and the responses and results get collected and documented. The platform provides a central overview of all audits, including the results.

Who monitors companies for compliance with data protection laws?

Compliance with data protection laws in a company is monitored by both the data protection officer and the responsible supervisory authority. The supervisory authorities are granted extensive investigative powers for data privacy compliance monitoring. By using the Priverion platform for documentation, you can prove your data protection compliance to the supervisory authority at any time.

Our company operates internationally. How can I ensure that we comply with the respective laws?

Whether GDPR requirements, Swiss data protection law, or the Brazilian LGPD, with the Priverion Multi-Law function, each company can select different rules that apply to them with one click to activate the legally required information or identify the necessary assessments. The user is actively alerted to missing content, resulting in legal certainty in many countries.

SaaS

Set up your Privacy & InfoSec

The advanced modules give you everything you need to run efficient Privacy & InfoSec operations in your organization. The modules include everything to comply with your legislation, such as GDPR, LGPD, or DSG.

See our modules in action

Everything you need to get started

All modules you need for Privacy & InfoSec

Most legislations around the globe have the same core pillars around which the privacy requirements are build. We have created our core modules to offer these universally used pillars of privacy operations module or compliance to privacy professionals all over the world.

Register of Processing Activities (ROPA)

The ROPA documents all processes within your company that use personal data. It aggregates all necessary legal information such as the purpose of processing as well as the legal basis for processing. Through intelligent linking to deletion and retention periods and our system landscape, you can always know which deletion and retention periods apply to each system (on prem and in the cloud).

Data Processor Management

It is imperative for data protection and privacy operations module compliance to know to which vendors personal data is transferred. With this knowledge, you can set standards (technical and organizational measures) as a baseline and sign appropriate data processing agreements.

TOM Management

Each company has to have technical and organizational measures in place to secure the processing of personal data. By using accepted standards and conducting regular reviews, the organization can make sure that it is always up to the state of the art. Using the company standard, it is easy to evaluate the vendors and determine their compliance module with your own standard.

Data Breach Management

When a data breach occurs, a company must be ready. Documenting all steps the company takes and monitoring the time limits on reporting to data protection authorities and affected persons becomes especially important. The Priverion Privacy Operations module Platform will keep an eye on your deadlines for you.

Risk Management (by Data Flow)

Every processing of personal data carries a risk for the rights and freedoms of the persons whose data is processed. To adequately manage the risk, each processing in the ROPA has a specific likelihood and amount of damage the affected person might incur. This makes it possible to identify the risky processes in the company and to take adequate measures to minimize the risk.

Reporting & Data Flow Visualization

Regular reports for management or compliance can be created on the push of a button. Get a report for specific periods of time, even years back. Discuss complex transfers of data with your stakeholders by visually showing them the data flow. Easily explain from whom the data is collected, via which interfaces the data enters the company, how it is processed, shared, stored and ultimately deleted.

Data Subject Request Management

Requests from data subjects are becoming more and more common. When a request is received, it must be processed, documented and monitored for compliance with deadlines. Through the data subject request management, you can answer requests and always have a checklist of systems which must be checked for the data subjects information.

Reviews & Audits

Modern data protection and privacy laws have some form of PDCA (Plan-Do-Check-Act) Cycle implemented. To correctly and diligently manage data protection and privacy, the company must conduct regular reviews to check for changes and to take actions if necessary. For this, the review module monitors all elements in the Priverion Privacy Operations module Platform and informs the responsible person for the element to conduct a review. Every review result is logged and stored in a audit trail.

Multi-law feature (by legal entity)

Every company is subject to different laws. Using the Priverion Multi-Law feature, each company can select the different laws which apply to it. From the general GDPR requirements to the Swiss Data Protection Law or the Brazilian LGPD Law.

Risk Assessments

Using assessment templates you are able to assess any risk in a standardized process. Due to the standardization, the assessments are comparable and InfoSec as well as Privacy Compliance can work together without asking the same questions twice. This is a game-changer.

Vendor Management

Assess your vendors using standardized assessments or download previous assessments from the Priverion library. Using automated or manual acceptance of answers, you can be sure your vendor has everything in order. Evidence is securely stored and previous assessments can be used for the next assessment of the same vendor. This way, the vendor does not have to enter everything again. Only edit changes. This is why vendors love the Priverion solution.

SaaS