DPOrganizer i GDPR
GDPR requires you to:
1. Know how and why you process personal data
2. Be able to demonstrate that you know, and also that your processing of personal data is lawful
3. Be able to act quickly if a supervisory authority asks questions, if a data subject exercises its rights, or if an incident occurs.
DPOrganizer makes it easy to:
1. Map and document your data processing activities
2. Keep the inventory updated and involve the organisation in that work
3. Visualize data flows and chains of responsibilities, and report the data processing to internal and external parties.
GDPR
Article 5 establishes fundamental principles for processing of personal data. Among other things, it is stated that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject, that it shall be collected for specified, explicit and legitimate purposes, and that it shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
It is also established that the controller shall be responsible for, and be able to demonstrate, compliance with the above.
DPOrganizer makes it easier to identify where, for example, data may not be processed lawfully, or where specific and legitimate purposes of processing are lacking. DPOrganizer also makes it possible to demonstrate compliance, by making sure the relevant details about the data processing are captured, documented and can be made available to internal and external parties upon request.
Articles 6, 9 and 10
Article 6 describes when processing of personal data is lawful, i.e. the legal grounds for processing. According to articles 9 and 10, even more consideration is required when processing special categories of personal data and data relating to criminal convictions and offences.
In order to ensure compliance with these articles and also article 5, it is necessary to identify and document the legal ground for each processing activity.
With DPOrganizer, you make sure there is a legal ground for each purpose of processing for each category of personal data related to each category of data subjects.
Articles 12, 13 and 14
Transparency in relation to the data subject is a fundamental principle, and articles 12-14 set out the details as regards the level of transparency required.
In order to ensure that the information to data subjects reflects reality, you need to make sure your processing activities are well documented. DPOrganizer makes that easy.
The data subject’s right of access follows from article 15. For example, the data subject is entitled to be informed about what type of data is processed and why, where the data is collected from, for how long it is stored and who it might be shared with.
DPOrganizer makes it easy to find the relevant information required to answer a data subject’s request. Most of the information is available directly in DPOrganizer, and thanks to the information stored there you will know where to find the actual personal data of the individual in question.
Articles 16, 17, 18, 19 and 20
Articles 16 to 20 set out important rights of the data subjects. In order to accommodate requests, the key is to know whose personal data you are processing, where it is stored and who it is shared with.
DPOrganizer gives you the means to get an overview of your processing activities, and to find what you need in order to accommodate the requests of the data subjects.
Article 24 requires the data controller to implement appropriate measures to ensure and to be able to demonstrate that processing is performed in accordance with the GDPR.
DPOrganizer helps you ensure and demonstrate compliance with the GDPR, by giving you a structured and detailed inventory and overview, as well as improved control over and access to the information needed to deal with requests and concerns from internal and external parties.
A data controller shall maintain a record of processing activities under its responsibility, and the record shall contain the name and contact details of the controller and the data protection officer, the purposes of the processing, a description of the categories of data subjects and categories of personal data, recipients to whom the personal data have been or will be disclosed including recipients in third countries, information about international transfers, time limits for erasure of the data, and a description of technical and organisational security measures.
The records shall be in writing, and shall be made available to the supervisory authority on request.
With DPOrganizer, you make sure your record is complete and up to date, and easily shared with the supervisory authority when necessary.