GDPR mandates the creation and storage of a certain set of records. In addition, GDPR requires several procedures to be followed including: designating Data Protection Officers, reporting privacy breaches in a timely manner, and demonstrating data retention policies/consents.
Stop using unreliable ad-hoc Excel spreadsheets to fulfill these requirements. Docuo GDPR takes care of all of these requirements quickly through the use of automated operations, saving you time and resources.
Art. 30 of the GDPR obliges you to keep written documentation, an overview and an analysis of the procedures by which personal data is processed. This must be made available to authorities upon request.
Docuo GDPR stores these records in a secure database, fills in relevant information, and automatically generates detailed documentation for GDPR authorities, colleagues and managers as needed.
This allows for up-to-date record keeping, timely reporting, and efficient data protection procedures.
Within the GDPR (Art. 35), the Privacy Impact Assessment refers to the controller’s obligation to conduct an impact assessment when a Data Processing Activity requires it. Proper documentation of this process is imperative and needs to occur prior to starting the procedure.
Docuo tells you when a PIA is necessary and helps you perform and document it.
In order to demonstrate that the processing of personal data complies with the GDPR and Spanish Ley Orgánica, the outcomes of the PIAs need to be analyzed and managed appropriately.
Docuo helps you establish a universal risk scale to quantify risks and document the appropriate strategies to mitigate them.
According to recent surveys*, manual processing of a single Subject Rights Request (SRR) costs organizations over €1200. Moreover, for a vast majority of SRRs, response times take over two weeks. Docuo GDPR enables online submissions for SRRs and automates response workflows, resulting in a process that is 5 times faster than manual procedures. This alleviates tremendous administrative and operational burdens from your business.
Recital 59 of the GDPR states that if you collect and process personal data by electronic means, individuals should be able to complete and submit their GDPR rights requests electronically. Beyond electronic submission, request fulfillment must follow a repeatable and scalable process in order to remain compliant and meet legal deadlines. This process includes seven key steps for each Subject Rights Request to provide a valid response:
Right to be informed, right of access, right to rectification, right to erasure (AKA right to be forgotten), right to restrict processing, right to data portability, right to object, and right to opt out from automated decision-making algorithms or a simple question to the DPO.
In Europe, including Spain, people can contact your organization as soon as tomorrow to request any of these rights.
Docuo enables mobile-friendly online submission forms that you can link from legal texts and websites, enabling a 24×7 electronic submission method.
In both European and Spanish law, there are strict deadlines for sending responses to Subject Rights Requests received from individuals. The information that needs to be sent back is highly specific to the request type. Sending compliant responses is a huge challenge for many organizations.
Docuo automates the workflow to build, review and send a response up to 5 times faster than manual procedures. Automatic emails, response templates, deadline alerts and Docuo mobile apps streamline teamwork so all involved departments can collaborate in setting up the response document. You can even customize the provided response workflows to match your organization’s requirements.
Docuo’s rich API enables your IT department to connect all Docuo GDPR software operations to third-party systems.
From storing final response documents/reports in Microsoft SharePoint to checking personal data with Identity and Access Management (CIAM) systems, various plugins and customizations are available to minimize manual GDPR operations.
Many organizations rely on third parties to process personal data. From cloud storage services to private managing agencies or marketing partners, you must have a data processing agreement with each of these suppliers to achieve GDPR compliance. Furthermore, if you provide any data processing services, you must sign these agreements with your clients too.
Reducing the time to sign these contracts from weeks to hours is possible through Docuo’s advanced electronic signature, in accordance with European eIDAS regulation.
Once the data processing activity and the relevant third parties involved have been identified, the GDPR states that a data processing contract must be signed with each of those parties.
The data processing contract workflow begins with a contract request and continues through the stages of internal approval, negotiation and signing (remotely when available). Once in force, obligations, rights, audit, renewal, closure and eventual archiving should be managed. Data deletion verification is an important part of closing the Processing Agreement and should be specifically addressed.
Use our supplied Microsoft Word Data Processing Contract template as recommended by the Spanish Data Protection Agency or create your own custom contract templates.
Docuo will manage contract authoring, review approvals by both your organization and your clients / suppliers, and the sending of automated emails with comments and reject or approve links, until the final document is ready to sign.
Send email signature links to your clients and suppliers so they can sign Data Processing Contracts in a matter of minutes. They will receive a secure validation SMS on their mobile device and can draw their signature on it.
Signed agreements will have full legal validity thanks to biometric signature registration and Docuo features which are 100% compliant with eIDAS regulation. If you prefer, you can use a Qualified Electronic Signature with trusted electronic certificates or even fall back to a classic manual signature when needed.
Let Docuo warn you when Data Processing Contracts are close to expiring. Track data destruction protocols and retention policies as agreed. Create and send data destruction certificates automatically to your clients when requested to do so.
Be informed of all Data Processing Contract process states including execution, amendment, obligations management or audit. Create custom email templates for automated workflow alerts and save time by automating Data Processing Contract management and surveillance.