Management System

1. Context Definition, Changes Management and Privacy Risks 

The reformulation of the business strategies, the reorganization of the company processes, the redesign of the information system and the revision of contracts, delegations and appointments are managed in KRC® in terms of the risks of privacy. Appointment of the Data Protection Officer (Data Privacy Officer DPO), Classification of Treatments, Purposes, definition of Security Measures.

2. Data Processing and Information and Consent Management

It allows the identification of the various interested parties to which certain purposes are associated and related offices, describing the collection, management and deletion of data. The limits on the authorized processing of personal data and the criteria for transferring data outside the EU and for infringement cases are defined.

3. Impact Assessment (Data Protection Impact Assessment DPIA or PIA)

It allows an assessment of the necessity and proportionality of a treatment with respect to the risks for the rights and freedoms of individuals. The DPIA is a tool that allows the Owner not only to meet the requirements of the GDPR, but also to demonstrate that appropriate measures have been taken to ensure compliance with the EU GDPR Regulation 679/2016.

4. Identification Risks, Analysis, Security Measures and Evaluation

It allows to identify the risks for each interested party and specific purposes, to define as-is or to be measures according to risks and vulnerability. Through the green or red traffic lights on categories of security measures it is possible to define the Probability and the Gravity and relative calculation of the Risk.

5. Risk Management and Action Plans Management

It allows you to manage the assignment and management of activities, the frequency and the relative responsibility, the schedule with notification of warning and alert, the registration of the accomplishment of the documents, the upload of the documentation, the closure.

6. Reporting of Data Breach Events

Management of data breaches: from reporting, to evaluation, to communication and processing and drafting of procedures for the violation of personal data (Data Breach) with the guarantor.

7. Maintenance and Control

Generate the Register of treatments (Privacy Register) by the Data Controller and each Data Processor. Drafting of the Privacy Management System Manual.



The top management and the DPO have the ability to monitor in real time the compliance with all the requirements with a single control dashboard. Simplifies the procedures and controls required by the regulatory provisions.
Consulting Support

Assessment Privacy and gap analysis to the new European Regulation 679/2016:

  • Risk Assessment As Is (D. Lgs. 196/03)
  • Risk analysis European Regulation (UE) 679/2016
  • Gap analysis between Risk assessment As Is and European Regulation (UE) 679/2016
  • List of the actions to implement for the adjustment to European Regulation (UE) 679/2016
Training Activities The KEISDATA consultants are prepared to provide informative and training activities based on the needs that emerged during consultancy support.



Integrated Areas and Flows

The processes of Audit, Targets, Operational Controls, Event Management and Non-Conformity and Re-examination are managed in integrated flows for the different Management Systems: Environment, Health and Safety, Quality, Energy, Privacy, Information Security, Anti-corr​uption, Social Responsibility.

Human Resources Area

  • Registry File Management: allows you to manage the integration between the corporate HR Database and the KRC HR Database. It allows the production of personal data sheets: it associates the job, the qualifications and the legal and corporate titles; it composes the training booklet from the training flow, the risk assessment form from the risk assessment flow, the health protocol from the health surveillance flow, the PPE per task and distributed by the PPE flow.
  • Organization charts: allows you to produce the corporate and legal organization chart.
  • Roles and Responsibilities: allows the Job Description to be produced with regard to activities and responsibilities from the Procedures and Instructions Management flow.  

Flow Norms and Laws for the Management of Legal Prescriptions

It allows to produce the regulatory framework, the systematization of the provisions contained in the provisions and to assess the legislative compliance by identifying methods of verification and control and those responsible. It generates the regulatory schedule with the sending of prescription notifications to the managers. The rules and laws and the provisions relating to the risk element will be displayed in the risk and environmental aspects forms.

Norms and Laws update service

KEISDATA provides the supply with a fortnightly update of the rules and laws characterized by Scope, Thematic, Sub-topic, Topic and Element of risk with relative upload of the legislative document. Generates the regulatory schedule with notifications to managers.

Autohorization management flow

It allows you to manage authorization from identification to assigning responsibilities. Create the authorization framework, manage the related activities and create the authorization register. Generates the schedule with notification of notice and registration of the successful completion with upload of the documentation.