As of May 25, 2018, the General Data Protection Regulation (GDPR) is in effect. Drawn up by the EU, it requires organizations to protect the personal data and privacy of individuals in the EU. With this new regulation also comes a new risk: a potential fine if you are not compliant. How do you prevent this? Use our ServiceNow GDPR app to ensure control and compliance!
This regulation has created the need for a GDPR control tool: a tool that helps you with the key control processes the law requires you to have in place.
We have broad experience in the field of GRC solutions. Based on our multidisciplinary experience and experts, we have developed the ServiceNow GDPR4U app and successfully implemented it at several multinational clients. Our total package of off-the-shelf products and in-house expertise allows us to fully leverage the ServiceNow platform and will help you accelerate and enable your entire (IT) Risk, Privacy and Compliance organization.
Read our blog about Smooth sailing to GDPR compliance
The GDPR4U app specifically facilitates the easy implementation and execution of three key control processes that the law requires you to have in place and that are needed to demonstrate a baseline level of GDPR compliance.
GDPR4U will help your organization build a structured register of personal data processing (the record of processing activities required by Article 30) that you can easily update and maintain. Creating this overview is the key first step in getting a grip on privacy risks within your organization. Using ServiceNow to do so has a unique advantage because of the CMDB, which is a core element of the platform. As personal data is for the most part processed in business applications, having an up-to-date CMDB is a key requirement for producing a logical, complete and accurate register of personal data processing.
Following this, the Data Protection Impact Assessment (DPIA) module allows you to perform DPIAs and subsequently keep a neatly organized audit file for potential future audits.
For new or existing products or services within the organization, the responsible data or product owner(s) and the data protection officer should determine whether the product or service (potentially) impacts personally identifiable data. In other words: they determine the exposure of the personal data that is maintained or processed in the organization.
By means of a ‘quick scan’ (i.e. several screening questions) an initial risk score is determined. When the initial risk score exceeds a defined threshold, a full DPIA including a risk assessment must be performed, based on a (predefined) extended questionnaire. The results are managed centrally in ServiceNow, where they can be consulted later, e.g. in (external) audits.
Finally, the GDPR4U application offers a standardized workflow for handling GDPR data breaches, which GDPR makes mandatory.
When there is a (potential) data breach, it should be assessed by the parties involved and the Data Protection Officer. If a GDPR data breach has been confirmed, it must be reported to the national supervisory authority (Data Protection Authority) within 72 hours of the organization becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals concerned; the reasons for any delay must be documented. The mandatory analysis steps have been pre-configured in the application to ensure that the required actions are taken, and recorded, in the event of a GDPR data breach.
Combining these functionalities, our off-the-shelf application offers a basic set of key control processes, allowing your organization to rapidly accelerate the maturity of your privacy (risk) organization and demonstrate compliance and control with respect to personal data handling.
The GDPR4U app has proved to be an excellent starting point for your GDPR compliance implementation. Not only does the app clearly instruct and direct your key users and organization in an efficient manner, it also automatically serves as a complete and accurate control evidence repository, which is a key unique selling point from an audit perspective.
We can help you implement the app following our workshop methodology. This way, the current client situation is analyzed by our field experts and, if required, the app is customized based on the client’s needs. Our combination of practitioner, technical and organizational experts allows us to swiftly deploy a fully functioning GDPR solution tailored to your organization’s needs.