In May of this year, everyone was talking about the General Data Protection Regulation (GDPR). In the meantime, the initial hype has died down a little, but the requirements still remain. In many places, the question is "To what extent are we GDPR compliant and how do we ensure that we remain so?"
We have created a knowledge database in HITGuard that helps our customers to implement measures to meet the key requirements of GDPR in the long term.
We can use check questions to determine whether our customers have considered all aspects of all relevant topics and immediately see where there is still room for improvement. For example, our customers can address the following issues in the form of a quick check:
- Are our processes and measures in connection with the handling of data subject rights effective?
- Are the processing activities carried out by us fully and comprehensibly documented?
- Have we dealt sufficiently with processors?
- Do our TOMs address all key control objectives?
- What aspects do we need to consider in the course of the risk assessment or any data protection impact assessment?
Knowledge database for the implementation of the General Data Protection Regulation (GDPR)
Risk identification assistant for the implementation of the General Data Protection Regulation (GDPR)
The knowledge databases in HITGuard offer a special feature. For each check question, one or more suggested measures or suggestions for regular checks can be stored. The check questions are run through and answered in the form of a checklist. The next step is to identify deviations from a target status. In order to rectify these deviations, customers can use suggested measures from the knowledge database to conveniently create their action plans. They can also use control suggestions stored in the knowledge database to sustainably safeguard measures that have already been implemented.
And this is also how we have solved the issue of the General Data Protection Regulation: If the answers to check questions - such as the question "Is a process for handling data breaches established?" - deviate from a desired target status, then our customers receive proposals for measures - such as "Define responsibilities for handling data breaches" or "Introduce a data breach process". The key points to be implemented are described in each proposed action. This enables them to identify what still needs to be done to meet the requirements of GDPR in individual subject areas. Furthermore, the control proposals stored in the knowledge database - such as "Checking the effectiveness and efficiency of the data breach process" - can be used to sustainably secure existing data protection processes and thus remain GDPR-compliant.
This knowledge database therefore offers any type of company an initial quick check to find out whether the requirements of the General Data Protection Regulation are being met. It addresses the key points for establishing general compliance with GDPR within the company.

