Know your Sub-Processors from your Joint Controllers with powerful Entities Registers

Spot check! Within 30 seconds, can you show us a list of all the entities involved in your organisation’s personal data processing, plus have them separated out by role, and identify who your joint controllers are, who your sub-processors are and what they do for you? 

30 seconds. Tick tick!

Don’t worry, Keepabl has the perfect solution for you: our beautiful Entities Registers! 

Why you need Entities Registers

In Privacy-land, it’s hard to exaggerate the importance of knowing who you share personal data with, for so many reasons.

For example:

• Article 28 of GDPR requires you as a Controller to only use Processors that can guarantee compliance. Meaning you need to know who they are so you can manage your due diligence and also make sure you’ve a written agreement with each on covering the items listed in Art 28.
• And when you’re a Processor, that same Art 28 requires you to have similar contracts in place with your Sub-Processors and (famously) to get authorisation from your Controllers to use and change any Sub-Processor. Customers ask for this stuff.
• Art 26 of GDPR sets out your obligations on Joint Controllers – which must be reflected in a written arrangement between you and them.
• We won’t go on. OK, just a bit …
  • RoPAs under Art 30 need categories of some recipients and names of others.
  • Notices under Arts 14 & 15 need the same.
  • DPIAs under Art 35 need to include a systematic description of the processing, including the parties involved.
  • And when you respond to many of the Data Subject Rights under Chapter III, including the most common, the DSAR (the access right), you certainly need to know your Privacy Supply Chain!

Multiple Roles

One of the interesting things about Privacy for us geeks (and one of the annoying things if you’re not one) is that the same entity can have various roles in your Data Map.

Let’s say you use Microsoft to store all your data (or Google or whomever).

If you’re storing personal data there for your Sales and Marketing activities you’re almost certainly the Controller of that data and Microsoft (Google, whomever) is your Processor.

Now let’s say your services mean you process some personal data for your customers along the way and you also store all that data in the same place. For those activities, you’re almost certainly a Processor for your customer and Microsoft (Google, whomever) is your Sub-Processor.

Same same but very different.

With our Entities Registers you can filter by role and you can zoom in to individual entities to see how and where you’re working with them.

Joined up Compliance

Keepabl’s all about making things intuitive and joyful. So our Entities Registers appear magically as you complete your Data Map – it really is a map that takes you places!

Your Entities Registers are all integrated into Keepabl’s award-winning Privacy Management Software, the perfect GDPR tooling for DPOs and those looking after Privacy at their organisation – which 90% of the time is professionals in IT, Security, Ops and Compliance.

Intuitively click through your beautiful, automatic registers, filtering, searching, downloading to your heart’s (and regulator’s) content.

Everything’s linked to everything else, making ongoing compliance faster, cheaper and more efficient than a sheet in a folder. And you’ve all the SaaS benefits of least privilege / role-based access, 2FA, SSO and more.

Get your demo today!

Don’t look at that manky spreadsheet again, wishing it was easier to update as you updated everything else. Come and get your demo of Keepabl’s Privacy Management SaaS and see why our customers say things like:

‘We use Keepabl to show our compliance to senior management and investors, it’s all easy to see on one pane of glass. We have our yearly audit coming up soon, and we’re looking forward to using Keepabl for that, too.’

‘Their holistic solution really accelerates compliance activities and I believe will save my clients 50-70% of their ongoing Privacy compliance over the next 3 years.’