Data protection management
Data protection management in HITGuard enables you to efficiently and sustainably implement the complex requirements of the General Data Protection Regulation (EU-GDPR). HITGuard can also be used to check compliance with the requirements of the many related industry-, country- and religion-specific data protection laws.
- Clear registers of processing activities (PAs) and data protection impact assessments (DPIAs)
- Workflows for collaboration with those responsible for PAs to relieve the burden on data protection officers
- Quick checks to determine compliance with requirements with proposed measures and controls
- Documentation of TOMs via the link to your information security management system
- Creating reports for quick responses to requests for information
Processing activities
The documentation of your processing activities is a key requirement of the EU-GDPR. For this purpose, essential information must be provided on the purpose of the processing, the categories of data subjects, personal data and recipients. The deadlines for deleting the various categories of data are also listed here. Record and document your processing activities with a wizard in just a few steps.
- Select the persons affected by processing from a centrally maintained list.
- Record the processed data categories for each data subject group and maintain the data origin, deletion periods and recipients.
- Document for what purpose and on what legal basis data is processed by you and the recipients.
- Keep an eye on whether a DPIA has been carried out for a processing activity.
Processing register
A processing register records all processing activities in which personal data is processed. In complex corporate structures, organizational units must be able to see and also edit the part of a processing register that is subject to their area of responsibility. In addition, there is information to be managed centrally, e.g. by the group. HITGuard makes it possible to map complex company structures and structure processing activities accordingly.
- Map complex company structures with the subdivision into company and organizational registers.
- Manage "collective processing activities" to centrally maintain shared services that each organizational unit uses once.
- Manage access authorizations of the respective controllers via the registers or directly in the processing activities.
- PAs are stored with a full version history so that any changes made can be tracked.
Data protection impact assessments
Under certain circumstances, the various data protection laws require an impact assessment to be carried out for processing activities. This serves to protect the rights and freedoms of data subjects. HITGuard supports you in the review, implementation and documentation of DPIAs.
- Carry out the impact assessment for one or more processing activities.
- Use the wizard to check your PAs for the need for a DPIA and document your decision.
- Link existing hazardous situations and the associated risk management measures and controls.
- Document DPIAs that have already been carried out so that you can manage everything centrally.
- See the DPIAs and their status in all related PAs.
Reports and evaluations
Numerous reports are available to help you fulfill your reporting and information obligations. For example, you can generate a report of all processing activities at the request of the authorities with just one click.
- Export individual processing activities as well as complete organizational or company registers.
- Print out processing activities as a data processor or as a report for shared responsibilities.
- Comply with requests for information from data subjects in accordance with Art. 15 EU-GDPR.
- Display configurable key figures for data protection on a dashboard.
Features and functions
The administration of a data protection management system involves a large number of complex tasks. HITGuard offers data protection officers the opportunity to collaborate with others and handle various work steps centrally.
- Manage general technical and organizational measures (TOMs) in a central register.
- Add additional, specific TOMs directly to individual processing activities.
- Delegate the maintenance of processing activities to the experts in the specialist departments.
- Enable others in your organization to register new processing activities.