Is there a software solution for GDPR compliance?

Apr 5, 2018 12:00:00 AM | GDPR Compliance Is there a software solution for GDPR compliance?

The short answer to the question whether there is a software solution for GDPR compliance is: no. From a privacy compliance software provider this may come as a surprise. However, PrivacyPerfect is not the kind of provider that believes in magic. Becoming GDPR compliant is mostly hard work. The more comprehensive answer to the above question is: no, there is not a single software product that will automatically ensure you comply with GDPR without any further effort.

From previous blogs posts, you may have picked up on the 7 steps that you can take towards privacy compliance: get an overview of all your processing activities, get processing agreements in place, initiate a procedure for complying with data subject requests and for notifying data breaches, raise privacy awareness across your organisation, evaluate your privacy policies, and enforce your retention and deletion policies.

Still, that is easier said than done. Any provider telling you they have the ‘magic wand’ to do this automatically is either not aware of the massive obligations under the GDPR or is feeding you ‘alternative facts’ (formerly known as lies). However, some of these things can be made easier by employing software tools. For instance, some companies claim to get good results by automatically crawling your systems and searching for actual personal data being stored.

That may help you reduce the manual workload needed to interview all business process owners that should contribute to getting an overview of all things happening with personal data in your organisation. There are also other things that might help you do the first inventory. Trade associations or suppliers might make templates available to reduce your workload, offering descriptions of the most obvious processing activities.
There are different types of tools that you might consider for easing your workload in becoming GDPR compliant:
  • Compliance checklist tools. Such tools guide you through all steps deemed necessary to become GDPR compliant. Be prepared to do a lot of work in order to reach that stage: the checklists will require you to put in place all kinds of working procedures and involve many people to get things properly organised.
  • Application software. Your software suppliers, especially for software as a service, may try to help you by providing compliance support in their software, e.g. with access to processing agreements and control over data storage locations.
  • DPIA tools. Obviously, PrivacyPerfect offers its own DPIA module. But you might find useful stuff elsewhere too. There are DPIAs in the form of Excel sheets, often directed towards specific sectors or processing activities such as smart metering.
  • Processing register tools. Again, PrivacyPerfect offers a solution for this. But if you think a register in Excel will suffice for now, for instance the Belgian supervisory authority has a template that you might employ.
  • Data breach notification tools. Well, you know it by now, PrivacyPerfect of course offers a data breach notification tool in its software, but you can also look for freely available tools such as the one offered by ENISA (the EU agency for network and information security).
  • Big data tools. These tools aim to find information about personal data flows in structured and unstructured data. They will give you an impression of the distribution of recognisable personal data in your IT landscape. Be aware, though, that this is a processing activity too, with accompanying risks.

You can imagine that working with tooling will still incur a lot of work for your organisation. Whatever your approach might be, you still need a core system that enables you to administer and legally 'label' all information gathered. PrivacyPerfect offers you this core, this 'hub' that is the center of both personal data administration and workflow, and will provide you with oversight and control.

PrivacyPerfect allows collected data to be enriched with legal qualifications and to assess any risks that might arise. It also provides the hub where data subject requests and supervisory authority investigations can start and be monitored. So, when we say PrivacyPerfect is the heart of your privacy governance, we hope to help you getting the overview needed in a complex network of IT, law and compliance.