Don't complain. Just comply.

From May 25, 2018, the EU GDPR will change the way companies have to process all individuals' data (Customers, Employees, Partners and Suppliers). This will require new training for their employees, new legal contracts, new data privacy procedures and new data management processes for companies operating in any EU country.

WHAT WILL CHANGE

The new regulation was created to address outdated data protection laws, made obsolete by the exponential growth of social media and cloud storage, and specifically to address increasingly frequent data security breaches and data/identity theft.

The first step to ensuring compliance with the new regulation will require a major revision of each company’s internal systems and data process management and security as well as new procedures and job positions to help ensure data is properly protected and managed.

WHAT GDPR AFFECTS

Data.

Data is the key. It’s important to determine what data you have for each individual, why you have each data item and if you are allowed to use it, store it and for how long.

Infrastructure.

You need to ensure that all systems and departments within your company are covered, including emails, shared drives, personal devices and paper.

Security.

All individuals' data needs to be handled and stored securely, with control over who can see it and change it, to ensure privacy and avoid loss or abuse.

Processes.

In order to become and stay GDPR compliant, it’s crucial to create new processes that demonstrate compliance with the spirit and letter of the new regulations. You need to handle all individual requests and incidents within 72 hours.

4 STEPS TO BECOME AND STAY GDPR COMPLIANT

01 ASSESS CURRENT STATUS

Readiness Assessment, GAP Analysis and Data Privacy Impact Assessment. All these refer to the same basic principle: will GDPR affect how you handle personal data, and what do you need to get ready to secure the personal data you are now keeping and plan to collect in the future?

02 DATA MAPPING

You will need to know where you store personal data, how you store it, why you have it, how long you keep it, how you delete it and who can access it. Having a data map done, and keeping it easily accessible and maintainable in the future, is the first step to making sure you are ready for GDPR.

03 MASTER DATA MANAGEMENT

Centralizing Master Data Management (MDM) into a unified tool, and harmonizing your master data into a “Golden” Record – the single source of truth – is important to ensure you maintain data only once and from one place.

04 OPERATIONS (BEFORE & AFTER)

Ensure that before May 2018 you have prepared and tested all processes to handle external requests, incidents & crisis, auditing who saw and changed data, internal guidelines & training for staff, legal reasons for each piece of personal data and changes to systems that impact personal data. 

HOW XEELO CAN HELP YOU

PERFORM AND TRACK ASSESSMENTS & AUDITS

Xeelo GDPR allows you to create a set of audit/assessment questions, or use generic ones from our data bank. You can then build your own assessment that can be sent and tracked across the entire company, or specific questionnaires for individual departments.

By managing the Self-assessment/audit via Xeelo GDPR, you can keep track of who has responded and collect answers to important questions like:

  • What personal data are you processing across the company?
  • Are you in the role of controller, processor, or recipient of personal information?
  • Why is personal data collected and do we have the right to use it?
  • Which third-parties do you share the data with?
  • How is personal information protected?

Answers to these questions and others – as a part of the Data Audit – will not only serve as a verifiable source for the Data Map, but also help you discover potential deficiencies and risks in the company.

You can also send out new questions at any time, to ensure ongoing compliance, and to manage your audit processes after May 2018.


DATA MAPPING

With Xeelo GDPR you can build a quick and easy view of all your data, or import already prepared data lists from Excel, and visualise how personal data is linked across systems, tables and fields.

This simple view will allow you to drill across all Personal Data, and identify where it is stored across the company, why it exists and how it enters your systems.

The Data Map will continue to grow automatically if you also use Xeelo GDPR as your Master Data Management solution, ensuring that you don’t need to manually collect and update data maps in the future.

MASTER DATA MANAGEMENT

Xeelo Master Data Management (MDM) was designed with full auditing and versioning capabilities, extensive user access right controls and automated compliance warnings. Xeelo MDM has years of proven experience supporting Sarbanes-Oxley compliance and fulfilling external auditor requirements for data security.

Xeelo Data Exchange (XDX) has been developed to help support the central management of master data across all systems that exist in a company. We use the latest in encryption and communication technology to allow us to connect to any existing system, no matter how old or new, and make sure that you always have the same, identical, data record in all systems.

Xeelo GDPR combines both these systems (MDM and XDX), and brings you the power to fully control and track all changes to Personal Data held in your company from a single, user-friendly interface, guaranteeing maximum security of Personal Data.


HANDLE GDPR OPERATIONAL REQUIREMENTS

GDPR is a set of continuous activities and processes. It doesn’t STOP on May 25, 2018 – it BEGINS!
You therefore need to ensure there are appropriate processes in place to demonstrate that you have achieved compliance and are maintaining compliance with GDPR all the time.

Xeelo GDPR brings all the processes you need, in a single platform and helps you demonstrate compliance with:

  • External & Internal Data requests
  • Incidents & Crisis Management
  • Government Form Submissions
  • 3rd Country (non-EU) Data Transfer Requests & Notifications
  • Legal Title & Consent Management (Individuals)
  • Change Requests – Impact to IT systems & Personal Data
  • Training Plans & Attendance Management
  • Distribution of Internal Policies & Documents
  • Audit & Corporate Governance
  • Audit Deficiencies & Resolution tracking
  • Risk Management & Risk Register
  • Internal FAQ & GDPR Guidelines for all EU Countries
