Challenges

The General Data Protection Regulation (GDPR) brings in an urgent need for organizations to change the way personal data pertaining to EU citizens is processed and managed. Because data handling is a companywide activity, GDPR will affect the whole of an organization, not just some parts of it. In order to safeguard EU citizens’ rights and achieve compliance, new roles, such as Data Protection Officers (DPO), Processing Activity Owners and National Representatives, will have to be defined and assigned.

Activities processing personal data will have to be identified, and their risk assessed and addressed, in order to demonstrate GDPR compliance to the Supervisory Authority.

Beyond the demonstration of compliance, organizations will have to consider “privacy by design”. Any business process and application performing the processing activities will have to be closely monitored for any changes affecting GDPR compliance. Conversely, any proposed changes to processing activities will have to be reflected in the corresponding business processes and applications handling the data.

Solutions

MEGA’s HOPEX GDPR compliance solution gives your GDPR team (Data Protection Officer (DPO), Processing Activity Owners and Data Protection/Data Compliance stakeholders) step-by-step guidance and collaborative tools to gain insight into achieving compliance. HOPEX GDPR also integrates up-to-date regulatory content and legal templates to inform and accelerate remediation plans, as well as dedicated reports to demonstrate compliance.

The solution is backed by MEGA’s HOPEX platform and connects people, process and technology through detailed business process models. One centralized repository offers a “single source of truth” holding the most up-to-date descriptions of your data processing business processes and applications. This ensures continuous collaboration between the transformation and GDPR teams.

Our HOPEX GDPR solution helps your organization manage GDPR compliance in a simple and structured way that does not impede business operations. Our powerful modeling capabilities enable you to integrate data privacy and customer experience and create true competitive advantage.


General Data Protection Regulation (GDPR) Planning

  • Step 1: Perform an initial assessment: Perform a preliminary GDPR impact assessment, involving all data privacy/compliance stakeholders, to understand how the regulation affects the organization. Define which processing activities require a Data Protection Impact Assessment (DPIA) by defining the data category, purpose and sensitivity for each activity.
  • Step 2: Identify compliance priorities: Cross-reference data categories and business processes to identify which processes utilize personal data. Prioritize compliance actions based on analysis.
  • Step 3: Complete a Data Protection Impact Assessment (DPIA): Automatically generate a DPIA that includes business process documentation, an assessment of the regulatory risks and a description of mitigation measures.


General Data Protection Regulation (GDPR) Implementation

  • Step 4: Execute the remediation plan: Secure processes and applications that control or process personal data without impacting business agility. Document and communicate with compliance stakeholders.
  • Step 5: Track incidents: Enable any person within the business to report compliance incidents. The DPO and other compliance leaders can centrally review reported incidents, assign severity and record remediation activities to manage ongoing compliance.
  • Step 6: Demonstrate compliance: Easily produce key reports that prove that all data privacy requirements are met. These include the record of processing activities, the record of data breaches and the DPIA.