SMCR Compliance Monitoring

Maintain your adherence
to new privacy

Created from the Information Commissioner’s Office licensed regulatory guidance and combined with best practice material, our GDPR solution produces over 500 compliance safeguards.

What are the new General Data Protection Regulation rules?

The new EU General Data Protection Regulation extends the scope of data privacy law to all companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, making it easier for non-European companies to comply with these regulations. However, this comes at a significant cost with penalties of up to 4% of global turnover or £20m Euros, so the challenge is to achieve compliance without excessive effort or expenditure.

How can Solvassure help?

Solvassure’s platform technology helps organisations meet new privacy regulations by automating assurance checks from a licensed rules library and notifying responsible owners in real time. A comprehensive GDPR checklist has been created from the Information Commissioner’s Office regulatory guidance and combined with best practice material to deliver over 800 individual safeguards. This not only provides a mechanism to train privacy users, it also produces the operational checks that form part of the regulations, raising exceptions to managers in a Cloud hosted and mobile enabled application.

Solution features

Accountability and governance

Systematic controls ensure that accountability and governance is managed comprehensively using regulatory material from the Information Commissioner’s Office.

  • Key responsibilities assigned to Data Protection Officer role
  • Re-usable Data Protection Impact Assessment templates
  • Assurance checks for records and categories of data held
  • Organisational security standards monitoring
  • Codes of conduct and certification handling
  • Embedded handover and on-boarding activities
  • Management committee and NED governance tracking
  • EU Directive publication accessible in rules repository
  • ICO guidance publication accessible in rules repository.

Data processing

Data processing considerations are accommodated with a single database containing records and historical updates.

  • Data source register tracks lawful basis for processing
  • Supplier contracts register tracks regulatory clauses
  • Policy register tracks privacy procedures and ownership.

Individuals’ rights

Individuals’ rights are handled comprehensively using our fully automated subject access request function.

  • Process steps for “right to be informed”
  • Process steps for “right of access”
  • Process steps for “right to erasure”
  • Process steps for “right to restrict processing”
  • Process steps for “right to data portability”
  • Process steps for “right to object”
  • Process steps for “rights for automated profiling”
  • Process steps for “subject access requests”.

Data breaches

Data breach procedures can be triggered by nominated users to ensure that the right steps are taken by the right person with all relevant stakeholders informed.

  • Data breach activities initiated and time monitored
  • Actions chased and stakeholders informed automatically
  • Whistleblowing procedure with evidence collection.

Data transfers

Data transfer procedures can be triggered by nominated users to ensure that a record is maintained when data is transferred outside of the EU.

  • Process steps generated for transfer of data.

Tag monitoring

Companies with a web presence need to ensure that they have modified or removed any tags that process personal data (including IP address) without the user’s consent.

  • Solvassure Tag Monitor automates the website compliance process
  • A brand internet asset register enables all relevant websites and pages to be catalogued
  • A tag register enables all known tags to be catalogued and white-listed for each website
  • A schedule configurator automates tag monitoring to run in the background
  • Exceptions reporting highlights issues to key stakeholders
  • Tag Monitor is fully integrated with our GDPR Compliance Technology.

Project assurance

Ensure implementation is managed comprehensively using PRINCE2 best practice material from Axelos (a joint venture between the UK Government and Capita).

  • Establish executive board and control mechanisms
  • Assign key project roles and define responsibilities
  • Raise and authorise core documentation
  • Initiate and monitor workstream activities
  • Check deliverables and recover exceptions
  • Handover to business-as-usual.

Environment hosting

Our software as a service solution provides a single source of information twenty four seven and lowers compliance expenditure with cost effective pricing.

  • Secure cloud based platform
  • Data centre conforms to ISO27001
  • Smartphone app with location marking
  • Business hours helpdesk.

What are the key principles?

The General Data Protection Regulation extends the scope of data protection law to all companies processing data of EU residents.

It requires organisations to maintain records of processing activities in an effort to update rights for a networked world.

It creates some new access rights for individuals and strengthens those that existed under the previous regulations.

The significance of accountability and transparency has been elevated with a principle of privacy by design at its core.

There are now tighter controls on the security of personal data and the ability to move it around the globe.

The penalties for non-compliance have been increased and linked to global turnover in an effort to focus attention.

Where is our material licensed from?

The Information Commissioner’s Office is the UK’s independent body set up to uphold information rights. Its role is to increase the public’s trust and confidence in how data is used and made available; improve standards of information rights; maintain and develop influence within the global information rights regulatory community; keep abreast of evolving technology and enforce the laws it oversees.

Compliance Technology.

Call 0845 259 1922