GDPRoofed data privacy management software

Handle all your GDPR related information and registry in one centralized software solution

Our system supports organisations to easily keep an up-to-date information about data collected from individuals. You can use our software to comply with the new EU General Data Protection Regulation (GDPR). You can make the registry manually or the system can be integrated with operational systems. We don't store any personal data, just meta-information. 

Time left until GDPR shall apply

What is GDPR?

GDPR is the General Data Protection Regulation published by the European Union effective as of 25 May 2018. The regulation is basically about the processing, protection and free movement of personal data related to natural persons.
GDPR aims to ensure the protection of personal data and privacy and it focuses on natural persons and their data.

The key principles of GDPR related to the processing of personal data are as follows:
• Lawfulness, fairness and transparency: that is, personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
• Purpose limitation: personal data shall be collected for specified purposes.
• Data minimisation: personal data shall be stored to an extent limited to what is necessary.
• Accuracy: the processed data shall be accurate and complete.
• Storage limitation: personal data shall be kept for no longer than is necessary for the purposes for which they are processed.
• Integrity and confidentiality: personal data shall be protected using appropriate technical or organisational measures.
The principle of accountability is closely related to the above meaning that the controller shall be responsible for, and be able to demonstrate compliance with the above principles.

Data map

A key component of any GDPR filing system is an up-to-date Data Map. The Data Map of GDPRoofed shows the personal data stored by the company specifying the storage system, the ID and the purpose of storing them. A well-structured filing system identifies which data of which systems are involved in profiling, or disclosed to a third-party country or organization, and even specifies the duration of data retention.
To prevent additional security risks, the Data Map stores only external system IDs rather than personal data.
The Data Map can be compiled manually, but to have an up-to-date filing system, GDPRoofed needs to be integrated with the systems storing personal data. Such integration is supported by standard (REST- API) interfaces developed for the system.

Right requests records

GDPRoofed can keep records of any event when a natural person requests their right of control over their personal data. Such instances of exercising control are always stored indicating their status, that is, the filing system shows which instances have been completed and which are still in progress.
The right requests are stored together with the external ID of the person who requested them. If an action is taken (e.g. data deletion is initiated) it can always be verified whether the personal data with the given ID have been actually deleted from the affected systems.

Incident management

The GDPRoofed application provides a feature linked to the Data Map to keep records of incidents. As a result, you can always identify which personal data of which ID and which system are affected by an incident. Data protection incidents can also be transmitted to the Data Protection Authority (automatically or manually).
The feature storing the records of data protection incidents can be integrated with the company’s existing workflow system to fully automate the management of several incidents.

Data transmission by Data Processor

Data Processor shall be responsible for data processing by the Data Processors employed by it. To support this, GDPRoofed can keep records of data processor contracts and data transmission related to such contracts. The filing system enables the easy identification of the time of transmission to data processor, the type of data transmitted and the recipient. Data processor contracts can be entered manually or automatically using the standard interfaces provided by the application.

Data Privacy Impact Assessment (DPIA)

GDPRoofed supports privacy impact assessment using the CNIL methodology. The application navigates project managers through the steps of privacy impact assessment based on the guidance of CNIL methodology and produces a detailed Data Privacy Impact Assessment (DPIA) report at the end of the process.

Anonymization

The function can be used to anonimze typical personal data in databases.

Dataflow Designer

The Dataflow Designer of GDPRoofed gives a visual representation of data movements within the organization. A properly used Dataflow Designer recording all data movements maintains the transparency of data assets and helps identify unnecessary data movements and data duplications within the company.

AD integration (LDAP)

Authorization can be integrated with any LDAP/Active directory solution.

We don’t store any specific personal data

The software never stores any specific personal data. It stores just the meta-informations about them.

Reporting

Standard and ad-hoc reports help the effective business decisions.

Data discovery

The Data discovery module of GDPRoofed is capable of scanning data sets at a database level and recognizing database tables and columns including personal data. Based on the result of scanning, a report is generated that can be used for creating a personal data map after expert validation.

Automatic Data Deletion

The Automatic Data Deletion module of GDPRoofed manages the issue of deleting data from archive systems. Using this feature, you can delete data at any time, after one-off preliminary processing in the archives, even without accessing the archives.

Data Collector

The system can identify customers in various personal data processing systems based on their natural identifiers and then gather the relevant data from the connected systems. The system can also organize the gathered data into a data structure or report

Partners

Services

Data asset assessment

Software as a Service/On-premise

GDPR legal counselling

Automated data discovery

Pricing Tables


Functions/Limitations

Data map

Data right request

Incident management

DPIA

Reports

Dashboard

Integration (Rest API, .CSV)

Excel import

Customization

On-premise data storage option

Number of recordable systems

Number of unique natural person data

Number of users


Small Business

1999 EUR + VAT yearly




Max. 10

Max. 100 000

Unlimited

Standard

6099 EUR + VAT yearly




Unlimited

Unlimited

Unlimited

Integrated

13599 EUR + VAT  yearly



Max. 25

Max. 500 000

Unlimited

Enterprise

Call us

Unlimited

Unlimited

Unlimited

Avoid the penalties and profit from the regulation

By introducing this system you not only comply with the GDPR requirements but you also have an up-to-date picture of your data asset. 

Technology

Java, Oracle/PostgreSQL/MSSQL, Webservice, REST API, Wildfly, JPA

News

On-premise projects

We are already implementing some on-premise projects with our software. Our product is evolving all the time right now to…

Cloud services, SaaS

We are proud to announce our software as a service solution. From now you can use our GDPR data privacy…

Live demo-s

We have started the technical demonstration of our software to our customers. So far our solution has received positive feedbacks.…

To get the latest information sign up to our newsletter

Contact

DSS Consulting Kft.

+36-1 345 0900
info@gdproofed.com
Head office

Hungary
1113 Budapest, Nagyszolos str.11-15
Phone: +36 1 345 0900
Fax: +36 1 345 0909
E-mail: info@gdproofed.com

Our office in Pecs:
7630 Pecs, Finn str. 1/1