Under GDPR, you keep your own summary of your processing activity – in your (unimaginatively named) Article 30 Records, including the data subjects and personal data involved, and your security measures. Regulators can ask for the Article 30s at any time.
There’s just no way to do or show this without an audit of your processing activities – your Data Map. Keepabl leads you through creating your Data Map by completing user-friendly questionnaires about the personal data you process (your Activities). We help you get started with template Activities and we create your Article 30 Records automatically, as well as your Processor and Transfer Registers to help you identify, improve and demonstrate your level of compliance.
Any ‘get compliant’ GDPR project needs good gap analysis to drive remediation actions. The BenchMark tests your compliance against the GDPR and the UK e-Privacy Regulations (UK PECR) both as a controller and as a processor. Instantly analysing your answers, Keepabl presents you with an overall score – popular for showing board members – then broken down into 17 sub-areas, to easily target the next remediation action.
Your Data Map again helps you get the job done. The Activity Analysis provides instant insights into your processing such as where you process children’s personal data, where do you not encrypt at rest, and which processor’s processing agreement still needs updating.
As you fill in Activities, you’ll assign risk to the processing activities and Keepabl will instantly create your interactive Risk Map. Again, Keepabl’s maps help you get the job done. Choose how you want to visualise risk, and filter the results by risk profile. Zero in on high risk Activities. It’s all linked to the Data Map so you can easily navigate to the relevant Activities.
One of GDPR’s most critical ongoing governance requirements is to maintain records of every personal data breach, whether or not you notified them to the regulator or to the individuals concerned. Keepabl’s Breach module allows you to record all the information you’ll need on suspected or actual personal data breaches, including to upload documents, notifications and other evidence reports.
You can even let anyone without a Keepabl account record a breach in Keepabl, for example from your intranet. And when a breach report is created, Keepabl sends email alerts so that your response team can move quickly to implement your response plan.