Management System

1. Context Definition, Changes Management and Privacy Risks 

The reformulation of the business strategies, the reorganization of the company processes, the redesign of the information system and the revision of contracts, delegations and appointments are managed in KRC® in terms of the risks of privacy. Appointment of the Data Protection Officer (Data Privacy Officer DPO), Classification of Treatments, Purposes, definition of Security Measures.

2. Data Processing and Information and Consent Management

It allows the identification of the various interested parties to which certain purposes are associated and related offices, describing the collection, management and deletion of data. The limits on the authorized processing of personal data and the criteria for transferring data outside the EU and for infringement cases are defined.

3. Impact Assessment (Data Protection Impact Assessment DPIA or PIA)

It allows an assessment of the necessity and proportionality of a treatment with respect to the risks for the rights and freedoms of individuals. The DPIA is a tool that allows the Owner not only to meet the requirements of the GDPR, but also to demonstrate that appropriate measures have been taken to ensure compliance with the EU GDPR Regulation 679/2016.

4. Identification Risks, Analysis, Security Measures and Evaluation

It allows to identify the risks for each interested party and specific purposes, to define as-is or to be measures according to risks and vulnerability. Through the green or red traffic lights on categories of security measures it is possible to define the Probability and the Gravity and relative calculation of the Risk.

5. Risk Management and Action Plans Management

It allows you to manage the assignment and management of activities, the frequency and the relative responsibility, the schedule with notification of warning and alert, the registration of the accomplishment of the documents, the upload of the documentation, the closure.

6. Reporting of Data Breach Events

Management of data breaches: from reporting, to evaluation, to communication and processing and drafting of procedures for the violation of personal data (Data Breach) with the guarantor.

7. Maintenance and Control

Generate the Register of treatments (Privacy Register) by the Data Controller and each Data Processor. Drafting of the Privacy Management System Manual.



The top management and the DPO have the ability to monitor in real time the compliance with all the requirements with a single control dashboard. Simplifies the procedures and controls required by the regulatory provisions.
Consulting Support

Assessment Privacy and gap analysis to the new European Regulation 679/2016:

  • Risk Assessment As Is (D. Lgs. 196/03)
  • Risk analysis European Regulation (UE) 679/2016
  • Gap analysis between Risk assessment As Is and European Regulation (UE) 679/2016
  • List of the actions to implement for the adjustment to European Regulation (UE) 679/2016
Training Activities The KEISDATA consultants are prepared to provide informative and training activities based on the needs that emerged during consultancy support.


Consulting Services

Through the assistance of professionals selected by us[, the customer can take advantage of additional services:
1. Assumption of the DPO/RPD role: The legislation on the protection of personal data defines the contexts in which it is mandatory, for the entity or company, to qualify a specialized figure who performs the role of Data Protection Officer. Also outside of these mandatory situations, the support of a highly skilled professional can be invaluable in carrying out regulatory compliance monitoring activities and guiding the organization in making company processes more efficient in accordance with the Privacy by Design logic. The decision to qualify an external DPO guarantees the absence of conflicts of interest in the performance of its activities, the main of which are:

  • Informing and instructing internal resources about the obligations deriving from the law on data protection, promoting the "privacy culture";
  • Verify and supervise the organization's compliance with all data protection legislation – including through audits;
  • Provide advice in the case of data protection impact assessments (DPIA);
  • Act as a contact point for requests from data subjects relating to the processing of their data and the exercise of their rights;
  • Collaborate with Data Protection Authorities and act as a point of contact for them on matters relating to the processing of personal data.

2. Consulting services on privacy matters

  • Continuous assistance for customers who use the software;
  • "Targeted" assistance for specific activities (DPIA, risk analysis or implementation of new treatments with Privacy By Design logic);
  • Staff training.