Properly organizing your privacy administration
SBRPowerhouse has released a new release of the SBC Management System. The taxonomy-driven system has been replaced by cloud technology. Thanks to the new functionalities, professionals can support you, as the controller or processor of personal data, even better in the field of privacy compliance and information security.
The privacy administrations of existing customers have already been migrated. SBRPowerhouse has also renewed its service desk (knowledge base and first-line support) and redefined the customer relationship together with our professionals.
Users are very enthusiastic and according to our privacy professionals, the management system is robust and pleasant to use. You can choose to set up and manage your own privacy administration. You can also hire one of our privacy professionals for this.
We recognize that while protecting personal data starts with privacy accounting, behavioral change is also needed. We support the organization of the desired behavioral change with awareness and training programs. You can offer this to your employees with a company-specific e-learning environment.
With the privacy administration you have more certainty that your company is compliant with legal and contractual obligations in the field of privacy and information security. SBRPowerhouse explicitly involves users in the development of new functionalities.
What functionality?
The functional requirements of the management system are derived from the legal framework and the emphasis placed by supervisors when carrying out statutory tasks, such as those of the European guidelines of the EDPB and the supervision carried out by the Authority in particular Personal data. This results in the following functionalities for a short and good time:
- a register of processing operations, which is demonstrably up-to-date;
- a register of security incidents and data breaches;
- demonstrable awareness and knowledge among management and employees;
- a register of contracts;
- an administration with requests from data subjects;
- an overview of processing operations, processes and supporting IT systems;
- studies carried out (including DPIAs) whose findings have been followed up; and
- a solid basis for meeting legal accountability.
The set-up of the management system makes it possible for a controller and processor to carry out several administrations at the same time. A Data Protection Officer (DPO) can serve multiple clients using the management system.
What is the user group?
The scope and scope of organizations’ business activities determine the scope and depth of functional requirements for privacy and information security. For controllers who, for example, process special personal data, additional requirements apply to the minimum functional package as we have indicated above.
SBRPowerhouse is happy to supplement the functional requirements for privacy and information security for specific business activities and, if desired, to provide them.
SBRPowerhouse regularly organizes (virtual) user meetings in which desired and elaborated functionalities are discussed. It makes an inventory of the functional requirements and wishes and, based on this, proposes functional additions to the users of the management system.
Ultimately, the Functionality Board of SBRPowerhouse decides which functionalities will be realized.
Organizing accountability
The GDPR obliges companies (controllers and (sub)processors) to demonstrate that they effectively comply with the privacy rules. More specifically, they must account for the effective functioning of control measures taken that adequately protect personal data.
The conduct of a privacy administration and e-learning environment form the foundation to meet this accountability.
Professional support on demand
It happens that a company needs professional support on demand. The reason may consist of changing the nature and size of the business activities or new IT systems that support business processes with which business activities are effectively organized. It also happens that there is simply no capacity (anymore).
For all these situations, our professionals can be called upon. Please feel free to contact us.
Finally
Any controller, processor and sub-processor of personal data can use the management system and an e-learning environment. With this, a company takes a good and important step towards complying with legal and contractual obligations in the field of privacy and information security.
Interest
Please feel free to contact us. Don’t want to miss our important updates and publications (blogs, articles and news)? Then subscribe to our newsletter.