There is a data management and permission headache brewing for organizations due to the new rights afforded to individuals under GDPR. If your processing relies on consent, the bar has been raised for the requirements surrounding valid collection and audit reporting. Individuals will have the right to request access to the personal data you’ve collected, to have corrections made, to erasure, to restriction of processing, and the like. In these instances, manually collating consent and data requests is not scalable and mistakes are likely to occur. With GDPRSecure you can manage all data subject requests and consent in a secure and organized way.
GDPRSecure is a comprehensive, turn-key solution that simplifies the GDPR compliance process by combining easy-to-follow security and compliance modules with a state-of-the-art workflow that instantly provides the infrastructure businesses need to comply with the GDPR requirements.
Consent and Request Management
The GDPR includes guidelines on providing privacy information to data subjects. These guidelines are detailed, specific, and place an emphasis on ensuring privacy notices are understandable and accessible. Data controllers are expected to take appropriate measures. With GDPRSecure, you can clearly store and upload your notice, or embed one of our templates into your website platform’s code.
Our product offers the added differentiator of scanning options from a trusted security vendor that will give further insight into your vulnerabilities around internal and external issues.
Vulnerability scanning of external devices:
These scans are used to identify vulnerabilities on internet-facing networks. Once these vulnerabilities are identified, they are placed in a report that classifies each vulnerability by severity and provides information on the steps required to fix the issues.
Vulnerability scanning of internal devices:
Internal vulnerability scans are used to identify potential vulnerabilities on non-internet-facing devices such as servers, internal routers, and endpoint devices, which include laptops, tablets, and personal computers.
Data discovery scanning:
Data discovery scanning will examine the network to look for unencrypted data elements that have been identified by the GDPR as “Personal Data”. Upon conclusion of the scan, the system will generate a report that identifies all element types that have been discovered along with their location, so that the elements can either be removed or appropriately secured.
3rd Party Processors
Companies are increasingly relying on third-party vendors to meet data processing needs. If you are using third parties to conduct processing of personal data on your behalf, you need to obtain assurances that the provider will handle the data securely and that the processing complies with GDPR. You will be required to have a written contract with the processor. In this module, we will advise what needs to be included in the contract literature as well as provide a place to list out all vendors and their processing details.
Incident and Breach Management
A personal data breach may arise from a theft, an attack on your system, the unauthorized use of personal data by a staff member, or from accidental loss or equipment failure. The GDPR introduces a duty on all organizations to report certain types of personal data breaches to the relevant supervisory authority and/or individuals impacted. The report must be made within 72 hours of becoming aware of the breach, when feasible, and therefore your business should have effective processes in place to identify, report, manage, and resolve any personal data breaches. With GDPRSecure, you will be given a detailed plan covering who should react to a breach and how, should the situation arise, and how communications should be handled internally and externally.
Training and Education
Stay up to date on regulations and train your workforce on the roles and responsibilities of GDPR through the GDPRSecure self-paced training module which includes attendance tracking and knowledge assessment.
Customer Privacy Portal
With GDPRSecure you will have a hosted portal for your customers to provide and revoke consent, view your Privacy Notice, and exercise their rights to access, rectification, erasure, restriction, portability, and to object. They can return to the portal to review the status of their requests and securely retrieve requested personal data.
With GDPRSecure’s hosted integration framework, you can reduce your dependence on your internal IT resources and simplify your implementation of GDPR with easy-to-use web plug-ins and simple APIs.
For a reseller of this product or a large Acquirer/ISO that wants oversight of all their merchants rolled up under their umbrella, this portal will provide a complete overview of licenses enrolled. In addition, this portal will display how long it has been since each license was active, as well as other data that will give you a good indication of their pathway to compliance.
Discover a powerful suite of tools for Risk Monitoring, Residual Reporting, Portfolio Management, ISO/Agent Bank Reporting, CRM, Revenue Management, and more.
With our robust compliance validation, reporting, and communications platform, merchants can identify and address network weaknesses, so that they can achieve compliance. Acquirers can create meaningful analytics to design general and targeted enforcement programs, execute merchant communications, report results, and much more.
Our 1099K tax reporting and management module provides taxable income reports that convey amounts reported to the IRS, including sales and deductions for the merchant. The platform also provides comprehensive tools to manage TINs and B-Notices for Backup Withholding to meet regulatory requirements.
Our HIPAA Help Center solution provides covered entities with the infrastructure they need to comply with the HIPAA standard, including: Risk Assessment, Policies and Procedures (privacy and security), Employee Education and Awareness, Contingency Planning and Testing, Incident Response Management, Business Associate Management, and Asset Management.