Spearline Data Protection will allow you to centralise the management of your GDPR compliance. It is a workflow tool that gives you a central place to record all of your GDPR efforts including your privacy-related policies and procedures. Our solution will allow you to identify, investigate and report on any breaches that may occur in your organisation. We developed an easy-to-use software tool that allows you to pick and choose the modules that best fit the individual needs of your business.
This toolkit identifies and tracks the data assets and processes where data is held. A four staged data mapping approach covers identification of the asset or process, documents core details and attributes of what kind of data is held, on whom, where it is stored, where it is transferred and what technical and security measures are in place. Additionally this tool kit assists risk management and remediation of any data protection concerns.
A repository for policy documents that allows you to identify and link the key policies, procedures and notices pertaining to data protection. This module facilitates the dissemination of policies and procedures across the organisation to ensure the requisite awareness and training is available to all employees.
Designed to help you identify data protection vulnerabilities and risks so that you can generate solutions to minimise risk and create contingency plans should an incident occur. It also allows you to document your efforts to implement appropriate technical and organisational measures safeguarding the data you hold. Bringing together all the individual modules into a master risk register, this tool facilitates prioritisation, escalation and remediation strategies.
data subject access request (dSAR)
Allows you to manage all inbound DSAR requests and provides a URL for your website to facilitate requests via a form helping to streamline the process. Facilitates prioritisation of requests that are nearing the 1 month window ensuring you meet your deadline. Overview function to assess how many requests need to be responded to and direct the request across the organisation such that the appropriate departments can retrieve the relevant details.
A registrar of your entire vendor database with the ability to bulk upload vendor details to the system via CSV files, categorising and keeping a record of their compliance status. This demonstrates the due diligence your organisation has performed on 3rd parties who may be processing data on behalf of your organisation.
Allows you to prepare for incident escalation and breach reporting. Populate this module with incident management details to quickly escalate a remediation response should a breach occur and you need to show details to your Supervisory Authority.
Data Protection Impact Assessment (DPIA)
Allows you to identify and mitigate against any data protection related risks that could occur with a new project. This module presents you with a self assessment tool to determine whether a DPIA is needed or not. Once the decision has been made to proceed the module will present you with a data mapping and risk management exercise to complete.
A consent register that ensures you have proof of consent for all the personal data you are processing. This register allows you to track the type of consent received, when consent was given and what processing the consent extended to. This helps you to process data safely and legally.
Allows you to demonstrate the work you have done on your compliance programme with the provision of an audit trail showing when changes and updates were made and by whom. Additionally, the ability to record how decisions were reached offers transparency into how your compliance programme took shape. This reflects your commitment to the accountability and transparency principles which are cornerstones of the GDPR.
Allows you to import details from CSV files to quickly and accurately populate the software with your employee list, vendor list and most importantly details of all your data mapping activities. This ensures that details of the data process mapping activity is efficiently migrated over and the work you have already done is easily uploaded simplifying integration to our system.
Regulator roles self-assessments
Allows your privacy specialist determine who the appropriate lead supervisory authority should be and whether a DPO or EU representative is needed for your organisation. Storage of details for regulatory roles within the solution enriches your crisis management plans supplying you with the details of the relevant personnel at the touch of a button should an incident arise.
Holding co/subsidiary structure
Allows use of one centralised privacy management solution across all organisations. Many organisations today have complex corporate structures that span multiple territories and jurisdictions. The Spearline Data Protection solution supports the operationalisation of the privacy programmes across complex organisational structures through its parent/subsidiary configuration. Subsequently reports and metrics can be generated across the entire organisation.