Functionalities
of the system

Check what you will receive as part of the GDPR tool

Record of processing activities

Basing on information about a certain industry and fields of activity of a company, GDPStandard automatically generates a Record of processing activities (RPA), creating a map of present processing activities. It points out activities in which personal data is processed, determines a processing purpose and a legal basis of processing, categories of processed data, categories of data subjects and applied security measures. Predefined RPA will facilitate and quicken conducting an audit of possessed data and validity of processing.

Simplified risk assessment

A key element of the GDPR is a risk assessment that should be conducted by everyone, no matter of the scale of one’s enterprise. GDPStandard includes a module of simplified risk assessment, which allows to perform an assessment individually, by answering few simple questions. We also provide you with a manual of conducting a model simplified risk assessment.

Certification

We issue an individual certificate, attesting compliance with the GDPR. The certification programme raises credibility and helps to gain trust of clients and business partners which consider data security a crucial part of business cooperation.

Online access

GDPStandard is an online tool accessed through a web browser, available in a system of 12 months membership. It enables an easy way to comply with the GDPR requirements and afterwards, to manage data protection in any organisation. All the required documentation, records and reports, including an automatically generated report in the case of an audit by data protection authorities – everything available in one place, ensuring neatness in the data protection.

Record of categories of processing activities

A record containing information on conducted activities (operations), commissioned by third party data controllers. Record of categories of processing activities is crucial for companies such as accounting offices, HR and payroll offices or marketing agencies. Keeping such a record is, next to keeping a record of processing activities, a fundamental GDPR requirement.

Processors Record

A record of processing entities is a list of third party entities that were commissioned to perform some operations in the scope of data processing. The controller should be always ready to present all third party entities that he entrusted with processing personal data.

GDPR Compliance Report

A document showing GDPR requirements binding a certain entity, precisely pointed GDPR provisions from which those requirements arise and in what manner those requirements were fulfilled by using the GDPStandard. In case of a data protection audit, you will be able to prove that your company is compliant with the GDPR.

Applications record

The GDPR endows natural persons with an array of rights, e.g. the right to be forgotten or the right of data portability. Each case of data subject’s request to exercise such right should be recorded, in order to reply in required time. To facilitate fulfilment of this obligation, the GDPStandard includes suggested templates of such replies, and a place to record data subjects requests.

Documents templates

A full GDPR documentation includes i.a.: a model privacy policy, a model data protection policy, ready-to-use procedures of fulfilling GDPR requirements imposed on entrepreneurs, ready-to-use templates of replies to requests of data subjects exercising their rights, templates of GDPR information clauses, templates of authorisations to process data, consent clauses, a model methodology of risk assessment, technical and organisational means of data protection, templates of entrusting data processing agreement and joint controlling and training materials.

Authorisations record

A record of all persons that were authorized to access and process personal data in accordance with the scope of their official duties. Authorisations record also allows to verify who performs tasks regarding personal data, to which data he was granted access and whether he underwent appropriate training.

Risk Analysis GDPR Risk Tracker

Application for data controllers and data protection officers to carry out comprehensive risk analysis and data processing impact assessment (DPIA)

It allows for a clear, repeatable and reliable risk analysis process and the receipt of a report and recommendations of significant changes.

Recommendations Report

The GDPR and certain obligations it imposes on the entrepreneurs translated into a list of practical tasks to fulfil, along with a manual on how to advance with implementation of the GDPR. A record of performed tasks guarantees accountability of steps executed to implement the GDPR. After you are done with recommended steps, we issue for you a report of implementation and a GDPS certificate.

Breaches record

The controller is obliged to record any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial measures taken. Keeping a Breaches record allows a better identification of incidents, and in case of repeatability, to eliminate their causes. The system also includes a comprehensive procedure for dealing with breaches.

Cloud storage for documents

The tool grants an access to a cloud storage for devised contract templates, policies and procedures, allowing to keep the documents base complete and in order. Everything easily accessible in one place to facilitate your everyday work and ready to help you in case of an audit.

Experts Knowledge Base

We operate basing on experts knowledge provided by lawyers renowned on the field of data protection. A database of several dozen document templates was devised with highest diligence in cooperation with Gawroński & Partners law firm. We also share knowledge about the GDPR in form of webinars, training materials, blog and GDPR FAQ.

Updates

GDPStandard is being developed on an ongoing basis, new functionalities are added based on reviews and needs of our Clients. Documents are also undergoing updates, with regard to guidelines and recommendations issued by the Polish Data Protection Authority, European Data Protection Board and legislative changes.