Maintain your adherence
to new privacy

Created from the Information Commissioner’s Office licensed regulatory guidance and combined with best practice material, our GDPR solution produces over 500 compliance safeguards.

What are the new General Data Protection rules?

  • The new EU General Data Protection Regulation extends the scope of data privacy law to all companies processing data of EU residents.
  • It provides for a harmonization of the data protection regulations throughout the EU, making it easier for non-European companies to comply with these regulations.
  • However, this comes at a significant cost with penalties of up to 4% of global turnover or £20m Euros, so the challenge is to achieve compliance without breaking the bank.

Why does this present a problem?

  • First of all, ownership can be hard to assign when someone is wary of the consequences, particularly as we are now seeing some big fines for privacy breaches.

  • The complexity of the new rules makes it hard to be confident in your processes and the ICO website is continually changing.

  • Dispersed compliance data is tricky to collect, if you’re relying on spreadsheets they can be overwritten and have limited scope for audit.

  • Retaining evidence can also be a problem, some firms don’t trust their HR systems and documents are being kept on multiple servers.

  • All this activity comes at a cost and if the regulator does come knocking you may not have long to respond and several teams might be deployed to find the right answer.

  • This is all because the new regime comes with significant fines and bad public relations for the worst offenders.

How can Solvassure help?

  • Solvassure’s platform technology helps organisations meet new privacy regulations by automating assurance checks from a licensed rules library and notifying responsible owners in real time.
  • A comprehensive GDPR checklist has been created from the Information Commissioner’s Office regulatory guidance and combined with best practice material to deliver over 800 individual safeguards.
  • This not only provides a mechanism to train privacy users, it also produces the operational checks that form part of the regulations, raising exceptions to managers in a Cloud hosted and mobile enabled application.
Platform features

Accountability and governance

Systematic controls ensure that accountability and governance is managed comprehensively using regulatory material from the Information Commissioner’s Office.

  • Key responsibilities assigned to Data Protection Officer role
  • Re-usable Data Protection Impact Assessment templates
  • Assurance checks for records and categories of data held
  • Organisational security standards monitoring
  • Codes of conduct and certification handling
  • Embedded handover and on-boarding activities
  • Management committee and NED governance tracking
  • EU Directive publication accessible in rules repository
  • ICO guidance publication accessible in rules repository

Data processing

Data processing considerations are accommodated with a single database containing records and historical updates.

  • Data source register tracks lawful basis for processing
  • Supplier contracts register tracks regulatory clauses
  • Policy register tracks privacy procedures and ownership

Individuals’ rights

Individuals’ rights are handled comprehensively using our fully automated subject access request function.

  • Process steps for “right to be informed”
  • Process steps for “right of access”
  • Process steps for “right to erasure”
  • Process steps for “right to restrict processing”
  • Process steps for “right to data portability”
  • Process steps for “right to object”
  • Process steps for “rights for automated profiling”
  • Process steps for “subject access requests”

Data breaches

Data breach procedures can be triggered by nominated users to ensure that the right steps are taken by the right person with all relevant stakeholders informed.

  • Data breach activities initiated and time monitored
  • Actions chased and stakeholders informed automatically
  • Whistleblowing procedure with evidence collection

Data transfers

Data transfer procedures can be triggered by nominated users to ensure that a record is maintained when data is transferred outside of the EU.

  • Process steps generated for transfer of data.

Tag monitoring

Companies with a web presence need to ensure that they have modified or removed any tags that process personal data (including IP address) without the user’s consent.

  • Solvassure Tag Monitor automates the website compliance process
  • A brand internet asset register enables all relevant websites and pages to be catalogued
  • A tag register enables all known tags to be catalogued and white-listed for each website
  • A schedule configurator automates tag monitoring to run in the background
  • Exceptions reporting highlights issues to key stakeholders
  • Tag Monitor is fully integrated with our GDPR Compliance Technology

Managed service

We can also provide a managed service to set up and administer your GDPR assurance obligations using our technology, whilst you can’t outsource the responsibility you can outsource the process.

  • Free up your team to concentrate on business as usual activities
  • Ensure that all processes are set up and run with minimum effort
  • Improve the quality and effectiveness of your policies and controls
  • Easily scale up (and down) trained resource to meet demand
  • Enrich your compliance productivity, quality and performance metrics
  • Convert fixed costs into variable costs and release working capital
  • Add new regulations into the same service to increase savings further

Secure hosting

Our software as a service solution provides a single source of information twenty four seven and lowers compliance expenditure with cost effective pricing.

  • Secure cloud based platform
  • Data centre conforms to ISO27001
  • Smartphone app with location marking
  • Business hours helpdesk

Key principles

The General Data Protection Regulation extends the scope of data protection law to all companies processing data of EU residents.

It requires organisations to maintain records of processing activities in an effort to update rights for a networked world.

It creates some new access rights for individuals and strengthens those that existed under the previous regulations.

The significance of accountability and transparency has been elevated with a principle of privacy by design at its core.

There are now tighter controls on the security of personal data and the ability to move it around the globe.

The penalties for non-compliance have been increased and linked to global turnover in an effort to focus attention.

SMCR Compliance Monitoring

Find out more

Where is our material licensed from?

The Information Commissioner’s Office is the UK’s independent body set up to uphold information rights. Its role is to increase the public’s trust and confidence in how data is used and made available; improve standards of information rights; maintain and develop influence within the global information rights regulatory community; keep abreast of evolving technology and enforce the laws it oversees.

Assurance Technology.