The Altova GDPR Compliance Database makes it easy to organize information about your organization’s repositories of personal data in a straightforward, structured way.
The General Data Protection Regulation (GDPR) is a set of privacy and data protection rules that apply to organizations that process personal data of people residing in the European Union and European Economic Area (whether the organizations are located in the EU or not). The goal of GDPR is to give individuals more control over their personal data and at the same time simplify the regulatory environment for international businesses.
The rules of GDPR ensure that personal data is collected under strict conditions and oblige the entities that collect the data to protect it from misuse and exploitation.
Starting May 25, 2018, all organizations doing business in the EU or with EU customers became subject to GDPR regulation. Data protection measures are required to be built into the design of business processes that collect personal data. If a data breach occurs that compromises the privacy of one or more people, it must be reported to the supervisory authority. As such, companies need to ensure that the appropriate technical and organizational measures are in place to protect data, and they must document all storage and processing activities. They also must have the ability to produce reports on such measures when they are requested.
To ensure that all the personal data of EU residents held by an organization is processed and stored in compliance with GDPR rules, it’s important to document and continuously track information about the repositories of personal data that your organization maintains. The Altova GDPR Compliance Database gives you an easy way to organize this information in a structured way.
Unlike one-off solutions, the Altova GDPR Compliance Database provides an organized, easy-to-use solution for documenting your organization’s handling of personal data now, and in the years to come. Built-in discussion, approval, and change-tracking mechanisms help users understand the reason for, and the impact of, every update.
Using the solution, you can collect all the required information about the data applications, also known as “processing activities” in GDPR parlance, and the data categories used in your organization – both for internal documentation purposes and to generate reports when required.
Advantages of the Altova GDPR Compliance Database include:
You install the Altova GDPR Compliance Database in-house, so all sensitive data remains within the bounds of your IT infrastructure. Authorized users in your organization access your GDPR Compliance Database securely, via a user-friendly web interface. This means there’s nothing for users to install to get started.
The GDPR Compliance Database provides a centralized location for documenting and managing the relevant aspects of the metainformation pertaining to the personal information your organization collects both internally (e.g., from employees) and externally (e.g., from customers).
The GDPR Compliance Database groups the metainformation into four components for easy understanding and organization:
Before stakeholders begin entering data, the administrator of your database accesses the Configure page to add company information about departments that process personal data as well as the person(s) in each department who are responsible for the data.
Data information is also configured here, including information about data classifications, data usage classifications, and third parties that also use the data your organization processes in some way (for instance, reseller partners, payroll companies, etc.). Each section provides user-friendly fields that walk you through data entry. You may add your own fields or choose from pre-populated options.
Then, the configured options will be available to users during data entry.
Once the company information is set up, the GDPR Compliance Database makes it straightforward to start entering information about GDPR-impacted data with customized pages for documenting each type of metainformation:
On each page, the GDPR Compliance Database provides all the fields you need to document each aspect thoroughly. Drop-down menus offer relevant choices, and the user may enter additional values as required.
After entering or modifying a data category in the GDPR Compliance Database, the user requests review and approval by a supervisor, facilitating easy oversight and ensuring that multiple people agree on the information and its assessment. The approval process may require some back-and-forth discussion before the authorized user grants the approval, and this is all documented within the solution.
The Approvals page lists all data classifications and changes waiting for review and approval, and, like all pages of the solution, includes a search box for filtering the results displayed in the current view.
A separate page for completed approvals provides a record of approvals over time and any associated discussions.
The Altova GDPR Compliance Database includes discussion mechanisms that allow stakeholders to discuss items during the approvals process.
A discussion can be started about an individual metadata item, for example, about a specific data category or a specific processing activity.
The user who initiates a discussion can select discussion members from among the compliance database users. These users will be notified about the creation of the discussion thread and about any modifications to the thread.
It's easy to view and navigate discussions in the system, because threads are grouped according to the type of metadata. For example, you can view a list of all threads relating to all departments or all processing activities.
Having built-in discussion mechanisms adds to efficiency because problems can be resolved directly in the compliance database, and it provides important documentation about the reasoning behind approval decisions.
With multiple users collaborating on your system and making changes over time, detailed change tracking is an essential requirement. The Altova GDPR Compliance Database tracks all changes made on each page of the solution (Data Categories, Processing Activities, Approvals, etc.), which you can navigate by date. You can either view changes to all records in the system from the Overview page, or review the changes pertaining to a specific page by clicking Changes on that page.
Providing a comprehensive record of data processing history through the years is crucial for both easy understanding and compliance purposes.
The GDPR Compliance Database auto-generates reports on all processing activities, or a list of processing activities that you have classified as critical. You may also create a report on the current state of category approvals in the system. Reports may be generated in Word or PDF.
Altova created the GDPR Compliance Database using the powerful enterprise app development tools in MobileTogether. When you install the GDPR Compliance Database, you get access to the solution as well as the high-performance MobileTogether Server.
This has two advantages: the solution may be accessed by anyone permitted in your organization via a simple URL, and, if required, you can modify the solution to meet your organization's needs using the free MobileTogether Designer.