Organize compliance with legal and contractual GDPR obligations
SBR Powerhouse developed the SBC Management System in collaboration with privacy experts and users at Duthler Associates, and they provide maintenance and continued functionality.
With these IT services, you and your privacy colleagues will organize GDPR compliance with legal and contractual obligations, and business management can meet accountability.
The SBC Management System provides an overview and insight into your organization’s business activities, business processes and processing of personal data. The processor agreements and the obligations derived from them are listed. You systematically record data subject requests and incidents. The organization has a grip on finishing the requests of the person involved and settling incidents.
At the request of users of the SBC Management System and consultation with professionals from Duthler Associates, SBR Powerhouse staff develops user stories that, after approval by the Functionality Board, are realized by a system development team. In this way, users ensure that the system retains its value.
What do you get?
Register of processing operations: This is how a controller or processor maintains an overview and understanding of personal data processing operations. Processing operations are part of the business processes by which business activities are organized and supported by IT systems.
Data breach register: In the data breach register, you record management and security incidents involving personal data. Then you keep track of finishing incidents that may escalate into data breaches. When an incident/data breach is reported, the registry provides for recording communication with organizational units, the data subject, processors and regulators. Provision is made for recording the considerations of whether or not to report to the supervisor and data subject.
Register of data subjects: The data subject has a range of rights that she can exercise with the controller. Under the GDPR, data subjects have more rights, such as the right to data portability, right to access, correction and deletion. The SBCM has a registry to record and track the requests of those affected, including a display of the status of the requests.
Register of contracts: You will have a register of contracts. The need to have an overview and insight into your contracts and to record these contracts properly in a contract administration or registry is obvious: failure to fulfill contract agreements or to renew or terminate contracts in a timely manner can have major adverse and financial consequences for the organization.
Register of investigations: Here you can record the results of all kinds of investigations, ranging from an external audit and a conducted DPIA to continuous monitoring of the operation of your control measures.
Organize accountability: The records and logging of the SBC Management System clearly show who made what changes at what time. This creates a systematic and controlled record of facts that is part of the basis for meeting the accountability obligation of Article 5.2 AVG.
Consulting
There are times when you need additional capacity to organize data protection and privacy. Therefore, you can call on call our professionals who are good with SBC Management System and the company-specific learning environment. An overview of possible activities:
- Build and manage the processing registry to which processes and information systems are linked;
- Organize, record, follow up and report incidents and data breaches;
- Organize, record and follow up on requests from stakeholders;
- Organize, document and follow up on contracts including processor and data exchange contracts;
- Conducting investigations including DPIAs and then following up on the findings; and
- Organizing the legal accountability data protection.
Training
Users of the SBC Management System also receive a company-specific learning environment and Duthler Academy’s “protecting personal data” awareness and training program. This creates a more complete package of measures:
- Awareness and training program protect personal data; and
- SBC Management System, privacy accounting.
Latest news
You need LEF to properly organize business activities
Introduction For company management and management, knowing the Legal Entity Framework (LEF) of thei…
Do you have any questions or would you like to make an appointment?
Do you have questions about organizing, implementing or building the SBC Management System? Please feel free to contact us.