1.Context Definition, Changes Management and Privacy Risks
The reformulation of the business strategies, the reorganization of the company processes, the redesign of the information system and the revision of contracts, delegations and appointments are managed in KRC® in terms of the risks of privacy. Appointment of the Data Protection Officer (Data Privacy Officer DPO), Classification of Treatments, Purposes, definition of Security Measures.
2.Data Processing and Information and Consent Management
It allows the identification of the various interested parties to which certain purposes are associated and related offices, describing the collection, management and deletion of data. The limits on the authorized processing of personal data and the criteria for transferring data outside the EU and for infringement cases are defined.
3.Impact Assessment (Data Protection Impact Assessment DPIA or PIA)
It allows an assessment of the necessity and proportionality of a treatment with respect to the risks for the rights and freedoms of individuals. The DPIA is a tool that allows the Owner not only to meet the requirements of the GDPR, but also to demonstrate that appropriate measures have been taken to ensure compliance with the EU GDPR Regulation 679/2016.
4.Identification Risks, Analysis, Security Measures and Evaluation
It allows to identify the risks for each interested party and specific purposes, to define as-is or to be measures according to risks and vulnerability. Through the green or red traffic lights on categories of security measures it is possible to define the Probability and the Gravity and relative calculation of the Risk.
5.Risk Management and Action Plans Management
It allows you to manage the assignment and management of activities, the frequency and the relative responsibility, the schedule with notification of warning and alert, the registration of the accomplishment of the documents, the upload of the documentation, the closure.
6.Reporting of Data Breach Events
Management of data breaches: from reporting, to evaluation, to communication and processing and drafting of procedures for the violation of personal data (Data Breach) with the guarantor.
7.Mainenance and Control
Generate the Register of treatments (Privacy Register) by the Data Controller and each Data Processor. Drafting of the Privacy Management System Manual.
The top management and the DPO have the ability to monitor in real time the compliance with all the requirements with a single control dashboard. Simplifies the procedures and controls required by the regulatory provisions.
Assessment Privacy and gap analysis to the new European Regulation 679/2016:
|The KEISDATA consultants are prepared to provide informative and training activities based on the needs that emerged during consultancy support.|
|Integrated Areas and Flows|
The processes of Audit, Targets, Operational Controls, Event Management and Non-Conformity and Re-examination are managed in integrated flows for the different Management Systems: Environment, Health and Safety, Quality, Energy, Privacy, Information Security, Anti-corruption, Social Responsibility.
Authorization management flow
It allows you to manage authorization from identification to assigning responsibilities. Create the authorization framework, manage the related activities and create the authorization register. Generates the schedule with notification of notice and registration of the successful completion with upload of the documentation.
Human Resources Area
Flow Norms and Laws for the Management of Legal Prescriptions
It allows to produce the regulatory framework, the systematization of the provisions contained in the provisions and to assess the legislative compliance by identifying methods of verification and control and those responsible. It generates the regulatory schedule with the sending of prescription notifications to the managers. The rules and laws and the provisions relating to the risk element will be displayed in the risk and environmental aspects forms.
Norms and Laws update service
KEISDATA provides the supply with a fortnightly update of the rules and laws characterized by Scope, Thematic, Sub-topic, Topic and Element of risk with relative upload of the legislative document. Generates the regulatory schedule with notifications to managers.