Most legislations around the globe have the same core pillars around which the privacy requirements are build. We have created our core modules to offer these universally used pillars of privacy compliance to privacy professionals all over the world.
The ROPA documents all processes within your company that use personal data. It aggregates all necessary legal information such as the purpose of processing as well as the legal basis for processing. Through intelligent linking to deletion and retention periods and our system landscape, you can always know which deletion and retention periods apply to each system (on prem and in the cloud).
It is imperative for data protection and privacy compliance to know to which vendors personal data is transferred. With this knowledge, you can set standards (technical and organizational measures) as a baseline and sign appropriate data processing agreements.
Each company has to have technical and organizational measures in place to secure the processing of personal data. By using accepted standards and conducting regular reviews, the organization can make sure that it is always up to the state of the art. Using the company standard, it is easy to evaluate the vendors and determine their compliance with your own standard.
When a data breach occurs, a company must be ready. Documenting all steps the company takes and monitoring the time limits on reporting to data protection authorities and affected persons becomes especially important. The Priverion Privacy Operations Platform will keep an eye on your deadlines for you.
Every processing of personal data carries a risk for the rights and freedoms of the persons whose data is processed. To adequately manage the risk, each processing in the ROPA has a specific likelihood and amount of damage the affected person might incur. This makes it possible to identify the risky processes in the company and to take adequate measures to minimize the risk.
Regular reports for management or compliance can be created on the push of a button. Get a report for specific periods of time, even years back. Discuss complex transfers of data with your stakeholders by visually showing them the data flow. Easily explain from whom the data is collected, via which interfaces the data enters the company, how it is processed, shared, stored and ultimately deleted.
Requests from data subjects are becoming more and more common. When a request is received, it must be processed, documented and monitored for compliance with deadlines. Through the data subject request management, you can answer requests and always have a checklist of systems which must be checked for the data subjects information.
Modern data protection and privacy laws have some form of PDCA (Plan-Do-Check-Act) Cycle implemented. To correctly and diligently manage data protection and privacy, the company must conduct regular reviews to check for changes and to take actions if necessary. For this, the review module monitors all elements in the Priverion Privacy Operations Platform and informs the responsible person for the element to conduct a review. Every review result is logged and stored in a audit trail.
Every company is subject to different laws. Using the Priverion Multi-Law feature, each company can select the different laws which apply to it. From the general GDPR requirements to the Swiss Data Protection Law or the Brazilian LGPD Law.