HOME
It offers the Home pages defined on the specific regulations that allow the DPO and/or the designated subjects a structured and effective navigation and usability of the Privacy flow functions.
CONTEXT DEFINITION
It allows the configuration of the company and the relevant privacy context, with particular attention to the categories of data subjects and the purposes of the processing.
APPOINTEMENT MANAGEMENT
It allows the management and archiving of appointments including those of the DPO and external data controllers taking into account what is found in the data processing sheets.
MANAGEMENT OF NEW INITIATIVES
It allows the tracking of new initiatives and the management of the related evaluation process in compliance with the provisions of the Regulation, i.e. a preventive evaluation "By Default" or "By Design".
UPDATE CAMPAIGN MANAGEMENT
It allows the definition of the actions and activities deemed necessary for the continuous updating of treatments in relation to corporate and regulatory developments and the consequent protocolling with a certain date.
DEFINITION OF TREATMENT SHEETS AND PIA CRITERIA
It allows the identification of data processing management methods with the related security measures for each purpose and in compliance with the standards and requirements defined in the legislation. Processing entrusted to third parties (data processors), the criteria for data transfer outside the EU, and the data retention period are tracked.
INFORMATION AND CONSENT MANAGEMENT
It allows the management of all information automatically generated by the treatment sheets filtered by categories of interested parties (single or multiple).
RISK ANALYSIS AND ASSESSMENT
Contains an assessment of the risks associated with each processing operation. KRC® offers the calculation of the probability of occurrence through a reference checklist (ENISA). The Impact calculation can be configured according to the Client's own criteria. Risk is calculated using the PxI formula, which provides the guidance for the DPIA.
DPIA-CNIL IMPACT ASSESSMENT
It allows for an assessment of the necessity and proportionality of processing based on the risks to the rights and freedoms of natural persons. KRC® includes the CNIL standard, automatically populated with the data and information collected in the previous phases.
RISK TREATMENT AND ACTION PLANS MANAGEMENT
It allows to plan and manage security measures, distinguishing between existing, vertical, and transversal measures, by assigning priorities and responsibilities. A timetable is activated with advance warning and alert notification, registration of compliance, uploading of documentation, and closure.
DATA BREACH EVENT MANAGEMENT
It allows the mapping and management of data breaches as also provided for by the Provision of the Guarantor of 29 October 2019 as well as the archiving of any necessary documents produced.
RECORD MANAGEMENT, COMMUNICATION AND REPORTING
It allows the Data Controller and each Data Processor to manage the Register of Processing Activities (Privacy Register). It provides access to the Privacy Documentation System to support the DPO and other designated figures.
THE ADVANTAGES OF DIGITALISING THE PRIVACY MANAGEMENT SYSTEM
- Procedure management takes place through optimised and standardised data models
- The information is automatically propagated between the different modules of the platform, e.g. from training to sustainability, ensuring that the data is entered into a single template
- The connection of information between the different procedures/flows is carried out following the standard and according to a work optimisation logic (guide).
All common-factor procedures, in compliance with the European Regulation GDPR (EU) 679/2016, are described in the module