If you or your clients operating in Europe deal with large volumes of personal data, or store sensitive client client information, complying with the European General Data Protection Regulation is a business priority
GDPR mandates the creation and storage of a certain set of records. In addition, GDPR requires several procedures to be followed including: designating Data Protection Officers, reporting privacy breaches in a timely manner, and demonstrating data retention policies/consents.
Stop using unreliable ad-hoc Excel spreadsheets to fulfill these requirements. R2 Docuo GDPR takes care of all of these requirements quickly through the use of automated operations saving you time and resources.
GDPR obligates, as per Art. 30, keeping written documentation, overview and analysis of procedures by which personal data is processed. This must be made available to authorities upon request.
R2 Docuo GDPR stores these records in a secure database, fills in relevant information, and automatically generates detailed documentation for GDPR authorities, colleagues and managers as needed.
This allows for up-to-date record keeping, timely reporting, and efficient data protection procedures.
Within the GDPR (Art. 35), the Privacy Impact Assessment refers to the controller’s obligation to conduct an impact assessment when a Data Processing Activity requires it. Proper documentation of this process is imperative and needs to occur prior to starting the procedure.
R2 Docuo will tell you when a PIA is neccessary and helps you in performing and documenting it.
In order to demonstrate that the processing of personal data complies with the GDPR and Spanish Ley Orgánica, the outcome of the PIAs need to be analyzed and managed appropriately.
R2 Docuo helps you establish a universal risk scale to quantify risks and document the appropriate strategies to mitigate them.
According to recent surveys*, manual processing of a single Subject Rights Request (SRR) costs organizations over €1200. Moreover, for a vast majority of SRRs, response times take over two weeks. R2 Docuo GDPR enables online submissions for SRRs and automates response workflows, resulting in a process that is 5 times faster than manual procedures. This alleviates tremendous administrative and operational burdens from your business.
Recital 59 of the GDPR states that if you collect and process personal data by electronic means, individuals should be able to complete and submit their GDPR rights requests electronically. Beyond electronic submission, request fulfillment must follow a repeatable and scalable process in order to remain compliant, and meet legal deadlines. This process includes seven key steps for each Service Rights Request to provide a valid response:
Right to be informed, right of access, right to rectification, right to erasure (AKA right to be forgotten), right to restrict processing, right to data portability, right to object, and right to opt-out from automated decision making algorithms or a simple question to the DPO.
In Europe, including Spain, people can contact your organization as soon as tomorrow to request any of these rights.
R2 Docuo enables mobile friendly online submission forms that you can link from legal texts and websites, enabling a 24×7 electronic submission method.
In both European and Spanish law, there are strict deadlines for sending responses to Subject Rights Requests received from individuals. The information that needs to be
sent back is highly specific to the request type. Sending compliant responses is a huge
challenge for many organizations.
R2 Docuo automates the workflow to build, review and send a response up to 5 times faster than manual procedures. Automatic emails, response templates, deadline alerts and R2 Docuo mobile apps, streamline teamwork so all involved departments can collaborate in setting up the response document. You can even customize the provided response workflows to match your organization’s requirements.
R2 Docuo’s rich API enables your IT department to connect all R2 Docuo GDPR software operations to third-party systems.
From storing final response documents/reports in Microsoft SharePoint to checking personal data with Identity and Access Management (CIAM) systems, various plugins and customizations are available to minimize manual GDPR operations.
Many organizations rely on third parties to process personal data. From cloud storage services to private managing agencies or marketing partners, you must have a data processing agreement with each of these suppliers to achieve GDPR compliance. Furthermore, if you provide any data processing services, you must sign these agreements with your clients too.
Reducing the time to sign these contracts from weeks to hours is possible through R2 Docuo’s advanced electronic signature, in accordance with European eIDAS regulation.
Once the data processing activity and the relevant third parties involved have been identified, the GDPR states that a data processing contract must be signed with each of those parties.
The data processing contract workflow begins with a contract request and continues through the stages of internal approval, negotiation and signing (remotely when available). Once in force, obligations, rights, audit, renewal, closure and eventual archiving should be managed. Data deletion verification is an important part of closing the Processing Agreement and should be specifically addressed.
Use our supplied Microsoft Word Data Processing Contract template as recommended by the Spanish Data Protection Agency or create your own custom contract templates.
R2 Docuo will manage contract authoring, review approvals by both your organization and your clients / suppliers, send of automated emails with comments, and reject or approve links until the final document is ready to sign.
Send email signature links to your clients and suppliers so they can sign Data Processing Contracts in a matter of minutes. They will receive a secure validation SMS on their mobile device and can draw their signature on it.
Signed agreements will have full legal validity thanks to biometric signature registration and R2 Docuo features which are 100% compliant with eIDAS regulation. If you prefer, you can use Qualified Electronic Signature with trusted electronic certificates or even fallback to a classic manual signature when needed.
Let R2 Docuo warn you when Data Processing Contracts are close to expiring. Track data destruction protocols and retention policies as agreed. Create and send data destruction certificates automatically to your clients when requested to do so.
Be informed of all Data Processing Contract process states including execution, amendment, obligations management or audit. Create custom email templates for automated workflow alerts and save time by automating Data Processing Contract management and surveillance.
Stay compliant with strict GDPR guidelines and let R2 Docuo handle the time-consuming tasks through our automated operations capabilities. Get back to focusing on your business and we’ll take care of GDPR compliance.
At the heart of GDPR Software are three key capabilities:
1. Identifying and continuously tracking the information held on each individual.
2. Maintaining the capacity to act on that knowledge to inform the user, correct the data or restrict processing.
3. Tracking the workflow and holding detailed records to assess and demonstrate compliance.
R2 Docuo GDPR Software has been built with those three points in mind to provide DPOs with a state-of-the-art tool to meet their challenges.
By 2022, 30% of consumer-facing organizations will offer self-service online means to provide for GDPR related requests.
Third parties that handle personal information on behalf of their clients and that form part of the response chain are also facing pressure to scale on GDPR compliance. Many view automation as a differentiator for their clients, who are realizing the risk in keeping or selecting a provider that is not able to support them in their requirements to comply with GDPR.
R2 Docuo GDPR software enables compliance work automation out-of-the-box, but greater automation can be achieved using our API to collect compliance events from third-party systems or generate automatic personal data locks/deletions on them.
With the GDPR in effect, millions of people in Spain and Europe are free to exercise their subject rights at no cost to them.
For Law Firms, GDPR Compliance as a Service has become one of the most demanded services by clients.
Meeting the challenges of GDPR regulation has caused Legal Departments to bear an unfair share of the compliance burden, as they have to add this work to their usual legal functions.
R2 Docuo GDPR Software enables Legal Departments to master their compliance challenges, and Law Firms to provide this premium service to its clients.
Public agencies and municipalities are no different from other organizations in terms of their need to comply with the GDPR.
However, to contract software services of any kind, they must ensure that the software, and the providers that supply it, comply with strict security certifications.
In Spain, compliance with the National Security Scheme (ENS) is an essential legal requirement to process personal data of citizens as part of any public service.
In addition to complying with the ISO 27.001 standard, R2 Docuo GDPR software has obtained certification in accordance with the Spanish National Security Scheme (ENS), making it a perfect solution for compliance with the GDPR by public bodies.
Except for the need to designate a DPO and some other points, the GDPR doesn’t make much difference between small or large organizations when it comes to compliance requirements.
Small companies and startups may manage huge amounts of data, much of which may be personal. This make GDPR compliance a requirement for small and medium companies despite their size.
Small and medium businesses that want to collaborate with large corporations must demonstrate their ability to meet all the GDPR requirements regardless of the size of their company.
R2 Docuo GDPR Software lightens the compliance burden on small organizations by ensuring that they meet all GDPR record requirements and allowing automatic management of requests they have, whether many or few.