GDPR Compliance Database

The Altova GDPR Compliance Database makes it easy to organize information about your organization’s repositories of personal data in a straightforward, structured way.

Finally, there is a long-term solution for maintaining an ongoing record of personal data stores to ensure your organization’s processing of personal data is handled in line with the principles of the GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is a set of privacy and data protection rules that apply to organizations that process personal data of people residing in the European Union and European Economic Area (whether the organizations are located in the EU or not). The goal of GDPR is to give individuals more control over their personal data and at the same time simplify the regulatory environment for international businesses.

The rules of GDPR ensure that personal data is collected under strict conditions and oblige the entities that collect the data to protect it from misuse and exploitation.

Starting May 25, 2018, all organizations doing business in the EU or with EU customers became subject to GDPR regulation. Data protection measures are required to be built into the design of business processes that collect personal data. If a data breach occurs that compromises the privacy of one or more people, it must be reported to the supervisory authority. As such, companies need to ensure that the appropriate technical and organizational measures are in place to protect data, and they must document all storage and processing activities. They also must have the ability to produce reports on such measures when they are requested.

Tracking GDPR Compliance

To ensure that all the personal data of EU residents held by an organization is processed and stored in compliance with GDPR rules, it’s important to document and continuously track information about the repositories of personal data that your organization maintains. The Altova GDPR Compliance Database gives you an easy way to organize this information in a structured way.

Altova GDPR Compliance Database makes it easy to organize and track information covered by GDPR

Unlike one-off solutions, the Altova GDPR Compliance Database provides an organized, easy-to-use solution for documenting your organization’s handling of personal data now, and in the years to come. Built-in discussion, approval, and change-tracking mechanisms help users understand the reason for, and the impact of, every update.

Using the solution, you can collect all the required information about the data applications, also known as “processing activities” in GDPR parlance, and the data categories used in your organization – both for internal documentation purposes and to generate reports when required.

Advantages of the Altova GDPR Compliance Database include:

  • Centralized, organized documentation of all pertinent information about data applications and the data categories as required by the GDPR.
  • Data stays in house because the solution is installed within your IT infrastructure.
  • Secure, web-based interface that makes it easy for users to access and understand.
  • Support for multiple users collaborating in the solution simultaneously, empowering each department to use its business knowledge to describe the data they use and document the members of the department that can access that data.
  • Built-in approvals process for entered information and any subsequent changes. Management of the approval process and necessary communication (questions to other stakeholders) can be handled within the solution and is stored for documentation purposes.
  • Built-in discussion mechanism for participating in and documenting discussions about approval requests.
  • Change tracking provides a record of updates over time to facilitate long-term maintenance of your GDPR compliance documentation.
  • Auto-generation of reports on data categories and other views in PDF or Word.

How does the GDPR Compliance Database Work?

You install the Altova GDPR Compliance Database in-house, so all sensitive data remains within the bounds of your IT infrastructure. Authorized users in your organization access your GDPR Compliance Database securely, via a user-friendly web interface. This means there’s nothing for users to install to get started.

The GDPR Compliance Database provides a centralized location for documenting and managing the relevant aspects of the metainformation pertaining to the personal information your organization collects both internally (e.g., from employees) and externally (e.g., from customers).

Tracking GDPR compliance with an easy-to-use, web-based interface

The GDPR Compliance Database groups the metainformation into four components for easy understanding and organization:

  • Metadata - this includes descriptive information about the categories of personal data held by the organization, and how these repositories are structurally linked to physical storage and company personnel
  • Approvals - the database includes an internal approvals system for changes made to data classifications, ensuring that multiple stakeholders agree on the information and its assessment
  • Administrative - users can conduct discussions of issues that may arise and track changes to metadata directly in the database
  • Reports - it’s easy to auto-generate GDPR reports about the metadata contained in the solution's database in PDF or Word

Configure Access to GDPR Compliance Database

Configure secure access to your organization's GDPR Compliance Database

Before stakeholders begin entering data, the administrator of your database accesses the Configure page to add company information about departments that process personal data as well as the person(s) in each department who are responsible for the data.

Data information is also configured here, including information about data classifications, data usage classifications, and third parties that also use the data your organization processes in some way (for instance, reseller partners, payroll companies, etc.). Each section provides user-friendly fields that walk you through data entry. You may add your own fields or choose from pre-populated options.

Then, the configured options will be available to users during data entry.

Configure information about departments that handle data covered by GDPR regulation

Enter GDPR Compliance Data

Once the company information is set up, the GDPR Compliance Database makes it straightforward to start entering information about GDPR-impacted data with customized pages for documenting each type of metainformation:

  • Data Categories – Define the data categories that are used to specify properties of the data that applications process.
  • Data Storage – Specify where your organization’s data is stored.
  • Data-processing Applications – List applications in your organization that process personal data.
  • Open Approvals – View category classifications that are ready for review and approval.
  • Completed Approvals – View approvals that have been granted.
  • Discussions – Access all discussions carried out within the system.
  • Changes – Review modifications made to information in the system.
  • Reports – Select different views to auto-generate reports in Word or PDF format.

Enter information to document your GDPR compliance

On each page, the GDPR Compliance Database provides all the fields you need to document each aspect thoroughly. Drop-down menus offer relevant choices, and the user may enter additional values as required.

Define GDPR categories easily with prefilled options

Manage Approvals

After entering or modifying a data category in the GDPR Compliance Database, the user requests review and approval by a supervisor, facilitating easy oversight and ensuring that multiple people agree on the information and its assessment. The approval process may require some back-and-forth discussion before the authorized user grants the approval, and this is all documented within the solution.

The Approvals page lists all data classifications and changes waiting for review and approval, and, like all pages of the solution, includes a search box for filtering the results displayed in the current view.

Search for approvals related to GDPR activities

A separate page for completed approvals provides a record of approvals over time and any associated discussions.

Read details about all completed approvals of GDPR information

Built-in Discussion Mechanisms

The Altova GDPR Compliance Database includes discussion mechanisms that allow stakeholders to discuss items during the approvals process.

A discussion can be started about an individual metadata item, for example, about a specific data category or a specific processing activity.

The user who initiates a discussion can select discussion members from among the compliance database users. These users will be notified about the creation of the discussion thread and about any modifications to the thread.

It's easy to view and navigate discussions in the system by viewing them as a group of threads grouped according to the type of metadata. For example, you can view a list of all threads relating to all departments or all processing activities.

Having built-in discussion mechanisms adds to efficiency because problems can be resolved directly in the compliance database, and it provides important documentation about the reasoning behind approval decisions.

Discuss questions about GDPR issues

Tracked Changes

With multiple users collaborating on your system and making changes over time, detailed change tracking is an essential requirement. The Altova GDPR Compliance Database tracks all changes made on each page of the solution (Data Categories, Processing Activities, Approvals, etc.), which you can navigate by date. You can either view changes to all records in the system from the Overview page, or review the changes pertaining to a specific page by clicking Changes on that page.

Providing a comprehensive record of data processing history through the years is crucial for both easy understanding and compliance purposes.

Change tracking in your GDPR Compliance Database helps monitor GDPR issues over time

Generate GDPR Reports

The GDPR Compliance Database auto-generates reports on all processing activities, or a list of processing activities that you have classified as critical. You may also create a report on the current state of category approvals in the system. Reports may be generated in Word or PDF.

Auto-generate reports of your GDPR compliance in PDF or Word

Powered by MobileTogether

Altova created the GDPR Compliance Database using the powerful enterprise app development tools in MobileTogether. When you install the GDPR Compliance Database, you get access to the solution as well as the high-performance MobileTogether Server.

This has two advantages: the solution may be accessed by anyone permitted in your organization via a simple URL, and, if required, you can modify the solution to meet your organization's needs using the free MobileTogether Designer.

Try the Altova GDPR Compliance Database Now

The Altova GDPR Compliance Database files are provided free under the Apache 2.0 license. Operation of the solution requires a license for MobileTogether Server, which you can obtain for a free 30-day trial or purchase via the Altova Online Shop.