GDPR - Decentralized Management of Data Processing

"Being able to use an integrated platform for the maintenance and updating of the Data Processing has made it possible to have a direct and responsible involvement of the entire banking structure, while ensuring the segregation of information with respect to company policies. As a direct consequence, the visibility of the Data Processing at the Management level has also helped in achieving better alignment with the principle of 'Accountability' required by the European legislation itself. "

Data Office

 

The Need

The continuous updating of the Data Processing by the Offices/Departments responsible was necessary to relieve the Office of the Data Office from timely activities on the individual Data Processing, thus shifting this responsibility to the Offices/Departments themselves; The Data Office was thus able to give the necessary attention to the entire process and compliance in the generation of the Data Controller and Data Processor registers. The direct involvement of the heads of the Offices/Departments was also supported by the principle of 'Accountability' provided for by the European legislation itself (EU Regulation 2016/679).

The Solution

Customization of the standard KRC® Privacy/GDPR module through an activity of:

  • Analysis of the current visibility cones of the Data Processing and related updating privileges
  • Automatic synchronization of the entire personal data of employees and related Offices/Departments to which they belong
  • Automatic identification of those responsible and assignment of the Data Processing
  • Ability to delegate additional people by managers
  • Centralized control of active proxies
  • Extension of the consistency checks of the current information contained in the Data Processing with respect to updates deriving from automatic synchronizations
  • Training and coaching at the Data Office

Benefits

With the decentralization of the possibility of updating the Data Processing, the Customer has a solution capable of:

  • Adhere to internal group policies
  • Put into practice the concept of Accountability envisaged by the legislation
  • Implement supervision and control activities in a more consistent and coherent manner, in particular by the Data Office
  • Keeping the records of the Data Controller and the Manager always up-to-date
  • Support the activities of the Data Office and Compliance Office during internal audit activities
  • Optimize and reduce the cost of compliance thanks to the integration to and from the company internal control system