Northdoor GDPR System of Record helps businesses capture and organise information for reporting and compliance with the EU’s General Data Protection Regulation, and with related regulations such as the UK’s Data Protection Act 2018.
When gathering, organising and managing information relevant to the General Data Protection Regulation (GDPR), it can be hard to know where to begin. Data collection tends to start with either the source data or the reported output from a data flow. In both cases, the result is usually unmanageably large volumes of data.
A better approach is to focus on the processes around personal data, as the GDPR is primarily concerned with those processes and how they impact the Data Subject. While there are a few solutions on the market that claim to provide a system of record for GDPR-related processes, they tend to be costly, inflexible and based on proprietary software.
For businesses seeking a simpler, faster and more cost-effective approach, Northdoor has drawn on its 30 years of experience in managing business-critical data in highly regulated industries to create an adaptable toolset built on standard Microsoft Office software.
The Northdoor GDPR System of Record combines custom software, templates, training, ongoing development and support in a single service. Proven in field deployments for major global businesses, the Northdoor solution simplifies and accelerates the maintenance of statutory documentation around the GDPR (and other regulations such as the UK DPA 2018).
In addition to improving the quality of information – reducing the risk of non-compliance, with its significant financial penalties – the Northdoor solution saves time and effort. Freed from the burden of data gathering and management, key employees can instead focus on value-add activities, without jeopardising GDPR compliance.
The solution provides an Excel-based tool for creating a catalogue of personal-data processes within the scope of the GDPR. By helping businesses to capture the right level of detail – enough to ensure compliance without requiring excessive administration – the Northdoor solution provides a robust starting point for addressing Article 30 of the GDPR. Process descriptions can be captured graphically or using text annotation.
A second Excel-based tool enables the population of process descriptions with additional GDPR requirements – for example, to record the legal basis for capturing personal data. Each catalogued process will have its own compliant document.
Once all personal-data processes have been catalogued, documented and mapped to personal-data elements, the solution can provide organisation-wide reporting to meet the requirements of Article 30 – Records of Processing Activities – of the GDPR.
The Northdoor solution includes a threshold reporting tool that collates basic risk scores for each documented process. The Data Protection Officer can then use 13 questions based on UK statutory guidelines to generate an adjusted risk score. Compliant with the GDPR requirement for Privacy by Design, this tool helps businesses determine whether a full DPIA (Data Protection Impact Assessment) is required. As DPIAs become permanent documents requiring periodic review, businesses should not create them indiscriminately.
The Northdoor solution includes templates for setting up and managing DPIAs over their full lifecycle. Scoring and assessments are collated into a control document that helps decision makers understand the identified risks so that they can set up remediation plans.
For more information, please contact us.