"Being able to use an integrated platform for the management of the Treatment Certification Campaigns has allowed us to have complete and exhaustive control over the entire process, avoiding the dispersion of information and appropriate and timely 'early warnings' towards the process owners involved"

Data Protection Office

The Need

The continuous updating of the data processing by the process owners is mandatory, but compliance with the deadlines for closing the certifications within the institutional periods deriving from group policies is equally important to ensure compliance in the generation of the Data Controller and Data Processor registers. All in compliance with the principle of 'Accountability' provided for by the European legislation itself (EU Regulation 2016/679).


The Solution

Customization of the standard KRC® Privacy/GDPR module through an activity of:

  • Analysis of the current management method of the Certification Campaigns implemented by the group
  • Introduction of a centralized management system for Certification Campaigns that would allow activating the Campaigns themselves but also controlling their progress over time
  • Need for a notification system to process owners with automatic activation based on approaching deadlines and/or completion/non-completion of the planned activities
  • 'On the fly' production of specific reports relating to the actions carried out and the type of notifications sent
  • Training and coaching at the group DPO office

Benefits 

With the introduction of the data processing Certification Campaigns, the Customer has a centralized solution, capable of:

  • Adhere to internal group policies
  • Put into practice the concept of Accountability envisaged by the legislation
  • Documenting and tracing each phase of the process at any time, also being able to intervene promptly and in advance
  • Maintain a pace of updating of the Treatments in line with company policies
  • Keeping the records of the Data Controller and the Manager always up-to-date
  • Support the activities of the Data Protection Office and the Compliance Office during internal audit activities
  • Optimize and reduce the cost of compliance thanks to the integration to and from the company internal control system