The GDPR Compliance Portal and Back Office is the single most powerful tool available to manage and ensure GDPR compliance in all your processing. It is a single "Per Processing" compliant model, and it works by allowing you to customise each data collection and/or data processing that you do, so that the correct information is recorded and provided to data subjects as required by the GDPR.
This is what the GDPR Compliance Portal and Back Office does!
It's called "Data Driven Per Campaign Processing" and it's turn-key.
Every time you want to capture data and process that data, you create a processing campaign using the Compliance Portal and let it do all the heavy lifting and hard work. You may not realise it, but there can be more than 20 contact relationships for a single processing effort: Controllers, Processors, Agreements, DPO, Data Subjects, Policies, learning, your IT team, your marketing and digital media team, EU Representative, Codes of Conduct, Data Subject Rights, requests and processes. Each of these will most likely be a unique combination for each processing. So what is a processing? It can be something as simple as your website cookies, a newspaper competition, website blogs, data collection for email promotions, trade show data collection, telephone marketing or call-center operations, any of which may be handled by a different processor than you. You will most certainly deal with the data in a different way, and the purpose is definitely different, so you need all of those relationships for each processing. If you did all the things listed, you would have a network of some 140 contact relationships. Now consider that you may outsource your call-center operations to a call center in a non-EU authorised country that is not owned by you. That changes the picture completely again.
How it works...
Your business controls and maintains all the relationships with each data collection or processing.
The Portal comes loaded with more than 20 ISO 27001 / 27002 Information Security Management Framework Policy and Standards documents that customise to your membership immediately. This is the requirement for "Organisational Measures" within the GDPR. It also includes Guides, Forms, Checklists, and weekly, monthly, 3-monthly, 6-monthly and annual compliance action lists that relate to the Policy and Standards.
When you create a "Data Driven Processing Campaign", the outcome is the EU Contracts and Agreements (10) that are required between the Controller (11) and the Processor (12) with respect to the location of each and the data that is to be processed or collected. The campaign AUTOMATICALLY generates the required data collection statements, Data Subject Rights Notification Documents, and all the necessary opt-in/opt-out forms, and packages it all as neat little URLs which you can add to emails, websites, etc.
You are now ready to collect the data or do the data processing. Remember this is unique for each processing, and it MUST be recorded as such. The Portal will also allow you to perform a quick Risk Assessment on the spot!
The Portal will generate the forms necessary together with the notices for the data subjects.
All Data Subject compliance is handled by your outsourced ISO-accredited Certified Data Protection Officers, who will be able to see your policies, procedures, etc., together with the details of the collection or processing, as an integrated service, as if they were working at your office.
Any issues with the Supervisory Authority are managed between the EU Representative (9) and the DPO (7). We are supporting and officially representing your compliance efforts - it's all part of your membership.
You are required to have an EU Representative if you are not located in the EU but want to trade in the EU. We provide this as part of your membership.
If you add new controllers which may be subsidiaries or sub-members, they may require a variety of compliance documents such as agreements, EU representations etc. These are automatically generated if new relationships are formed, so you can always show that these agreements are in existence.
You can create and reuse Controllers and Processors, or the relationship between them. Remember that binding agreements are required between controllers and processors that are not in the EU, and more so if they are located in countries that are not approved by the EU Parliament.
Processors are integrated, so businesses that manage multiple controllers and processors like Advertising Agencies are able to mix and match from their pool of resources.
The Portal has built-in Processor and Staff training resources. A GDPR requirement for non-EU processors is that they receive some training in data privacy and handling procedures, so this short staff training can be made available to all the staff at the processor who handle the personal data.
When a processor staff member completes the training, your business can see who has successfully completed the training as part of the Risk Assessment and your Information Security Management Framework.
Finally, a number of reports are generated, as required by the GDPR. All available at your fingertips.
You can see why eu.uk.com is your best choice for turn-key compliance. Join Today, start preparing and get ready with the minimum of fuss.