Data Protection Management System (DSMS):
For the protection of personal data
The EU General Data Protection Regulation, known internationally by the abbreviation GDPR, places data protection in Germany and the European Union on a uniform legal basis. Since May 25, 2018, companies have, among other things, the following obligations under the GDPR:
- Know when, how and where personal data is collected and processed.
- Prove that they comply with the data protection rules and that they are technically and organizationally able to provide this evidence at any time.
- Report data protection violations to the data protection supervisory authority within three days.
- Answer requests for information from individuals within a set period of time.
- Immediately and securely delete personal data that is no longer required, is out of date or has been stored unlawfully.
- Appoint a data protection officer in certain cases.
In Chapter IV, the EU GDPR also requires a list of processing activities to be kept (Art. 30 EU GDPR) and data protection impact assessments to be carried out (Art. 35 EU GDPR) where there is a high risk to the rights and freedoms of natural persons. In addition, suitable technical and organizational measures must be taken to ensure adequate protection of personal data and data security. All of this shows that the protection of data and information, as well as the security of data processing, is not a one-time project but an ongoing task for companies, one that can only be implemented and maintained professionally, transparently and in a GDPR-compliant way with the right software solution.
Our software solution supports you in all aspects of data protection:
- Analysis of protection requirements from the perspective of data protection
- Recording and control of all measures to guarantee data security and lawful data processing
- Recording, reporting and handling of data protection incidents
- Monitoring of all processes, assets, risks and measures through meaningful dashboards and reports
- Carrying out internal audits and self-reviews to ensure and maintain data protection, e.g. in accordance with ISO 27701
The data protection solution is designed in such a way that companies can access the basic elements of business process, asset, risk and measure from ISMS clients and combine them with the documented processing activities in the data protection client.
Advantage: The common database for information security and data protection enables the simple use of data such as business processes, assets (e.g. information, applications, infrastructure, personnel), risks and measures. There is no need to maintain redundant data.
Business processes, assets, risks, protective measures and other basic elements can, of course, also be documented independently for data protection purposes.
The list of processing activities is a central part of the EU GDPR. For this, essential information must be given about: the purposes of data processing, the categories of data subjects, personal data and recipients, as well as the specified deadlines for the deletion of the various data categories.
- The data protection management system offers companies and data protection officers the opportunity to record all data protection-related aspects in a structured and convenient manner.
- The input mask for the processing activities can be flexibly expanded to include customer-specific properties (customizing).
- Collection and implementation of risk assessments from the perspective of data protection (integration of data protection criteria into the assessment)
- Integration of individual threat and vulnerability catalogues to carry out detailed risk analyses
- Definition of risk treatment strategies (e.g. reducing, avoiding)
- Definition of technical and organizational measures (TOMs)
- Establishing links to data protection impact assessments, processing activities, data protection incidents, procedures (business processes), assets
A data protection impact assessment is the assessment of the consequences of processing operations for the protection of personal data if the form of data processing is likely to result in a high risk for the rights and freedoms of natural persons (cf. Art. 35 Para. 1 GDPR).
- Our solution supports you in deciding whether a data protection impact assessment needs to be carried out. An assessment can be created for a single processing activity or for several.
- The input mask for data protection impact assessment can be flexibly expanded to include customer-specific properties (customizing).
- Directory of processing activities
The report "Directory of processing activities" provides all the information required by the EU GDPR at the push of a button and can be made available to the supervisory authority on request. The directory can be created from the perspective of a controller as well as from the perspective of a processor.
- Data protection impact assessment
The "Data Protection Impact Assessment" report provides all the information required by the EU GDPR at the push of a button and can be used, for example, in the context of a consultation with the supervisory authority.