GDPR Risk Evaluation
GDPR Risk Evaluation
For many companies, efforts to comply with the Data Protection Regulation (EU GDPR), which has come into force since 25 May 2018, have focused on the correction of the corporate website, the public statement that so-called "cookies" and Google Analytics for the collection of personal data be used, and that these tools can also be turned off by the visitor of the website.
However, the fulfillment of the law is by no means sufficient. Avoiding or minimizing future risks in order not to be sentenced to sometimes very high penalties under the new GDPR - that is still a great show of strength. Your data protection officer will confirm it.
Additional expenses for the fulfillment of GDPR compliance are mainly caused by
► Article 15 (Right of access of the data subject)
► Article 30 (List of processing activities)
► Article 31 (cooperation with the supervisory authority)
► Article 33 (notification of personal data breaches to the supervisory authority)
► Article 34 (Notification of the person concerned by an infringement of the protection of personal data)
► Article 35 (Data Protection Impact Assessment)
What we deliver ...
Together with our partner Prosper Intelligence, we offer a 3-tier GDPR service package to minimize the GDPR-RISK in your company. For a general introduction to the subject see our introductory video (in German).
Here, our unique selling proposition is your advantage: With the help of our KI-Robotic GRC | 365 appliance, we can offer you a range of services that goes far beyond a conventional GDPR assessment.
Above all, this concerns the critical core of data protection issues such as: at which locations, in which infrastructure, on which storage media and storage locations, via which applications and processes personal data are stored and processed.
Step 1: GDPR - Core Intelligent Assessment (CIA) (datasheet)
Create a stable base for the continuous GDPR conformity with a review.
The central challenges for the implementation of the GDPR are the required transparency of the IT landscape - that is, cartography of the IT infrastructure and the data on it. Your company has always had personal data in different locations and departments by employees or online. Systems are stored and further processed according to the processes. Often these are stored by humans and machines in different places, copied or secured. How, what, when and why has not been documented so far. So there is no reliable, complete and thus elementary overview to meet the basic requirements of the DSGVO.
The cartography of your IT landscape is created with our KI Robotic GRC | 365. A single appliance scales to 500 computer workstations and 200 servers. Special settings ensure a comprehensive coverage in your company and guarantee a work-legally correct procedure. Encrypted channels ensure a secure connection.
Depending on the complexity of this matter is done in 1-5 business days. Our AI builds its knowledge with the collected information and thus ensures your GDPR compliant transparency. After only a few days, your entire IT landscape will be searched for personal data.
Together with our partner, we will check whether the required database encryption is carried out in your business applications and whether access via the application or directly in the database complies with the guidelines. At the same time, our KI searches fully automatically, comprehensively or specifically for all trays for Excel, Word, PDF, CSV and TXT files.
With its mental lexicon, it examines each individual file for personal data. Since we assume that our customers are internationally active, our KI does it in 30 different languages.
Depending on the complexity of your company structure, we have reliable information about the current status after only 3-6 weeks. However, in order to be able to assess the risk correctly, we simulate an inspection with our partner by the supervisory authority. The resulting findings will then be part of our final report, including a catalog of measures.
With our service GDPR-CIA you can ensure the data security and resilience of the state-of-the-art systems and fulfill your obligation to register for data breaches within 72 hours.
⇒ Learn more about the benefits of the GDPR - Core Intelligent Assessment (CIA) (datasheet).
Step 2: GDPR - Intelligent Risk Assessment (IRA) (datasheet)
Seamless legal and economic risks of the GDPR knowledge in the age of hybrid enterprises.
Companies are increasingly interconnected via interfaces, exchanging sensitive personal data with high intensity in digitized form and then processing it according to different processes in their companies (hybrid operation). Examples include payroll accounting by a tax consultant, customer advertising via external agencies, outsourced IT to external service providers or the partial fulfillment of orders.
Hybrid processes also refer to processing processes within a group of companies on a national or international level. Personal data of internal and external are an integral part of the regular exchange between organizations and are permanently enriched or updated. It is precisely this enrichment and update that increases the GDPR risk many times over.
The value of a lost record depends e.g. according to this, whether an included e-mail address, address, marital status or nationality is currently relevant. It is quite possible that you too, in the course of the economic chaining on behalf of your business partners, process personal data and are responsible for their compliance with GDPR, if you do not already act as subcontractor to subcontractors.
It is your responsibility to know what legal and economic risks your company is facing. Also, always compare the profit generated from such operations with the risk. If your business partners do not work in compliance with the GDPR, their loss of reputation can also have legal and economic consequences for your company.
The GDPR-IRA deals with the identification of risks in cooperation with business partners and customers and is based on the successful implementation of the GDPR-CIA. Our KI Robotic GRC | 365 uses the data transparency already built in to provide a holistic view, including attribution of due diligence and user and owner responsibilities in processing. Of course, people, machinery and contractual obligations are fully included. There is a complete closure of loopholes between legal and technical issues to ensure full compliance even in hybrid operations.
⇒ Learn more about the achievements of the GDPR - Intelligent Risk Assessment (IRA) (datasheet).
Step 3: GDPR - Intelligent Risk Management (IRM) (datasheet)
Long-term compliance with GDPR conformity.
The long-term compliance with GDPR conformity is about the timely execution of
► Article 15: Our software enables timely and automated collection of your database, document & spreadsheet systems for data of data subjects who requested information.
► Article 17: If the data of the source of information has been found, a deletion in the aftermath, subject to the valid legal situation, can be implemented practically and automatically.
► Article 33: Surveillance capabilities will quickly detect potential injuries and provide necessary information about the incident.
► Article 34: Data subjects can be identified by means of copies of data scattered throughout the company and notified in accordance with the Regulation. Virtually every stored record exists in a company at least twice.
► Article 35: The necessary impact assessment shall contain all relevant information for the authorities. These details confirm the authorities that your company has used sufficient funds. Our service also includes the opportunity to more intensively support your internal DSGVO managers in order to ensure their lasting affinity.
⇒ Learn more about the services of the DSGVO - Intelligent Risk Management (IRM) (datasheet).