| INTERACTION WITHOUT TECHNOLOGY|
This area refers to failures that cannot be controlled by technology. An example would be divulging a user password in conversation. The best way to prevent breaches at this area is to continuously train employees.
| INTERACTION WITH TECHNOLOGY|
The next area is the business activity performed by workers. To comply with the GDPR, current procedures must be performed in a certain way and new procedures must also be implemented.
| SYSTEMS AND CYBERSECURITY|
Another area affected by the GDPR is the architecture and network management of the company. This area covers aspects such as network security systems to prevent cybersecurity failures.
AuraPortal GDPR is a unique tool since it has features that cover the spectrum of needs for any type of company such as: Unlimited requests, Unlimited surveys, Unlimited processes, Multi-language, Support platform, 1000 GB storage, Initial training and Initiation.
Complete compliance management:
Processing, Purposes, Lawful Basis, Data subjects, Incidents, Breaches, Risks, Data Processors, External Portals, Reports, Alerts, etc.
Show that the organization has followed the 6 basic principles of the new regulation.
Complete management of Explicit Consent including: Contractual Execution, Legal Obligation, Vital Interest, etc.
Validate all personal data with lawful bases, purposes, times and processing.
Lawful bases have a period of validity. Manage the renewal and the consequences of those that become invalid.
To request Consent, inform about Privacy Policies, and any other type of notification either by email, SMS, etc.
Step by step, all the information required for the complete management.
Controls and manages the data retention periods of each activity / purpose, critical for compliance with the regulation.
All Data Processing has its associated Security Measures.
Register of the location of personal data processed by the organization.
Contains an assistant and the automatic generation of impact evaluation reports.
Record the reasons why the Impact Assessment is not required.
This list accelerates the identification of risks and can be modified to suit the company.
Includes list of mitigating measures which the user can modify and expand according to their needs.
The tool guarantees the execution of designated mitigating measures, through control of workflows, alerts and reports.
Includes templates for the required reports. The user can modify them and include new ones.
Portal for the data subject to exercise their rights, consult their personal data, legitimate bases, purposes, processing, retention periods, etc.
Portal for any data subject to register an incident with their personal data through a predesigned process.
Predesigned incident management process in accordance with regulatory requirements.
Management and control of time limits, including the 72-hour deadline stipulated in the regulation.
Technical and organizational tool that demonstrates diligence, degree of intentionality of the infringements and cooperation with the control authority.
Creation of an Access Portal for Data Processors, with predesigned processes to comply with the regulation.
The new regulation requires stringent control of Data Processors.
Customized dashboard to give the DPO a complete view of regulatory compliance.
Monitors all the procedures carried out for complete traceability.
The user can create new files when necessary and for all areas, including those which are not related to data protection.
The user can create unlimited procedures, even for areas that are not related to data protection.
Multi-Entity tool, Multi-Language, different aspects for different users, corporate image, add or remove screen fields, etc. and all this without any programming!
Exclusive portal for the Data ProtectionOfficer (DPO) which centralizes all processes involved in the GDPR, and can generate reports for correct decision making.
100% customizable Portal.
Focusing on decision making.
Adaptable to smartphones and tablets.
Nota: No se incluye en esta actividad ningún tipo de consultoría de carácter legal acerca de la normativa RGPD y todo lo que no esté explícitamente declarado anteriormente.