Manage your ROPA to identify data protection risks, maintain policies and procedures and provide colleagues with e-learning materials, from one single platform.
Record of Processing Activities
The Record of Processing Activities (ROPA) is a requirement of most organisations, as defined in article 30 of the GDPR. Even if not required by law the ROPA forms the baseline for data protection compliance, allowing an organisation to evidence where personal data is used and identify data usage risk.
By establishing a small network of data champions within your organisation you can determine where data is processed. This allows your Data Protection Officer (DPO) or equivalent, to obtain a holistic view and demonstrate compliance.
The ROPA can be updated through our Activity Workflow, allowing your Data Champions to update it through workshops, one to ones or lone assessments.
As information is added to the ROPA risks are identified and added to your risk log. Through screen tips and dynamic questions, ProvePrivacy provides user feedback throughout. Assisted assessments inform action plans and provide guidance on whether an activity should be referred to the DPO.
Identify where your risks are at a glance and determine which department, supplier or activity requires further remediation. Use the systems recommendations to define next steps.
The data sharing assessment allows you to understand where personal data is shared with your suppliers. It enables you to assess the compliance of your contracts, demonstrate that your data remains secure and store supplier documentation alongside supplier assessments.
The Data Management assessment allows you to identify where data is stored in your organisation both whilst it is ‘in use’ and ‘in retention’, informing your data retention periods and rationale.
It is one thing having a Data Protection Impact Assessment (DPIA) template, but when do you need to complete it? Our high risk assessment uses the information that you have entered about an activity to highlight when a DPIA is needed, it then walks you through the process of assessing the risk.
Why use ProvePrivacy to manage personal data and privacy risks?
– Build a simple solution, so that none data protection experts can use it; and
– Ensure that data protection risks are captured and addressed
This enables your organisation to manage compliance simply and effectively.
One clear advantage of ProvePrivacy is the ability to manage risks identified in different areas of the business. From data breaches to data subjects rights requests and the ROPA, all risks can be identified and logged.
The risk module is the central place for all risks allowing them to be assessed, graded and action plans put in place.
As it learns more about your organisation ProvePrivacy naturally identifies risks and allows you to manage them through our Risk Management module. By also adding your own risks as you identify them a single place to monitor your data protection risks is created.
Each risk can hold its own mitigation plan which includes any number of actions. Action planning allows you to allocate individual actions to staff and monitor their completion, providing a single viewpoint of progress.
Our policy module allows each document owner to add policy, procedure or standard forms to ProvePrivacy. Any policy can be added for any department (these are not restricted to data protection policies) and once added will be assigned to the appropriate staff to be read.
ProvePrivacy maintains a record of who has read and understood each document, and provides annual reminders to the document owner is reminded to review and re-issue policies.
This demonstrates that colleagues understand policy at regular intervals.
Policy Management enables the management of all company policies (not just those relating to data protection). It provides evidence that all of the required staff have ‘read and understood’ the policies on an annual basis. In addition it ensures the document owners regularly review and update policies to keep them current.
When adding and putting a document live the owner is asked to provide a document review date. This is then used to issue a reminder to ensure that all policies are regularly reviewed and remain in line with regulatory changes. Once reviewed all appropriate colleagues will need to re-read the revised policy.
The knowledgezone is the e-learning module provided within ProvePrivacy. Training includes a Data Protection and Security Awareness course, tutorials on how to use ProvePrivacy and topics such as the importance of breach reporting.
Tutorial videos are available to all individuals within an organisation and provide short introductions to different topics such as system usage and data protection topics.
The Online Training module enables you to demonstrate that staff have completed data protection & security awareness training. This provides staff with CPD for their development records.
We are always adding additional courses provided by our sister company knowledgezone. Other courses such as Health & Safety in the Office and Modern Slavery Awareness are available at an additional cost.
If you have video course material of your own these can be added to ProvePrivacy. This will enable you to use the evidencing reporting in ProvePrivacy to show that your own courses have been completed by colleagues.
What our clients say
Data, Data, Data. Mark is the man. Every time I have a question about data in either a business or IT scenario Mark is my first port of call. If you need help or advice with Data Protection or compliance with data regulation. This is where you go.
ProvePrivacy is an easy to use system and I think the work you’ve done by implementing the data retention schedule a great advantage point for the Higher Education sector.
Anglia Ruskin University
David Humphreys - Information Governance Manager
ProvePrivacy is a very intuitive and user-friendly tool, which will be really helpful for fundraisers who might have limited data protection experience or be engaging with information governance for the first time. The fact that it was so thorough seemed like it could be really beneficial in terms of ensuring all data protection information about a given product or activity is held in one place.
International Aid Charity
Just completed the GDPR Foundation Course , which gave me a big uplift in knowledge on the new standard. The course was thorough and delivered very professionally but they key benefit for me was Mark’s ability to bring the material to life by providing and discussing examples. I would definitely recommend this training.
I’ve just completed GDPR Foundation training and thoroughly recommend it. I went in with a good working knowledge of the Data Protection Act, but not much real knowledge of how if differs to new legislation such as GDPR. By the end of the session I felt I had a really good understanding of the key aspects of GDPR, and what it will mean in practice – invaluable – and what made it even better was that I also passed the exam at the end !
Having worked with the principal director Mark, I can say that it is good to see that a courteous, professional and client dedicated experience with the end client goals always in the sights for delivery, being offered within the UK market. Having used their consulting services on a number of fronts and most recently for some training for my business on GDPR I can thoroughly recommend this team.
I attended the GDPR Foundation Course and prior to attending the course the team took the time to discuss the course content and who it was aimed at. The course itself was run at a good speed in a small manageable group which allowed the group more of the tutor’s time allowing us all and go over anything we were unsure of. The pace of the course was good with open discussion on each of the modules. The theory was brought to life with real examples where you could use it in the workplace.
Operations Manger, KPMG
I attended one of the Foundation courses and would recommend it to anyone wanting to learn more about the organisational impact of GDPR. Mark is a very engaging presenter with an extensive knowledge of the regulation and is able to summarise effectively the practical implications of the regulation on businesses of all sizes.
Senior Product Owner, Jaguar Land Rover
I wholeheartedly recommend Mark’s services around GDPR consultancy and training. He understands the regulations, how they impact companies and how firms can succeed on the journey to compliance and beyond. Moreover, given his programme management and compliance background, Mark is ideally placed to accompany organisations on that route.