Records of Processing | DPIA | SAR Management
Sign up to our FREE web demo to see how the DPIA Module works.
Flowz allows you to meet the requirement of the new General Data Protection Regulation (GDPR – Article 30 records of processing activities) by providing a system for you to record all the information assets under your control, to record the internal ‘owners’ or ‘custodians’ of the data, the categories of data subjects and data collected, the purposes for processing, and the geographical location in which the data may be held. These are the basic requirements. However, having a simple register of the data held just services the GDPR. Flowz can provide you with much more, as follows:
Allows users to record personal or team flows in and out of a department, or the whole organisation.
An administrator may grant or revoke system features for user roles or specific users for their organisation as a whole or for individual organisational units.
Flowz utilises a secure UK Data Centre with easy browser access from any location.
Information, for example lists of users, assets etc. may now be imported directly from Microsoft Excel spreadsheets.
There is the ability to authorise new flows and assets and therefore to build an approval process around them (useful for Senior Risk Owner or Caldicott Guardian approvals of all new flows and assets).
Three dashboards are now available in Flowz tailored by user role, offering asset-centric and flow-centric views across the organisation with the ability to drill down to individual assets and flows.
Information Assets are created as private to their organisational unit by default but may be shared with specific organisational units or the entire organisation.
Flowz has a risk reporting dashboard for users to be able to create reports on specific flows and assets within the organisation. You can also report on individual users or departments.
INTELLIGENT LINKING TO FLOWS OF DATA
Organisations in Flowz may now be structured using Organisational Units and Organisational Hierarchies to better model their real-world counterparts. Organisations may have nested units to accurately reflect their business with each having hierarchies to map their departments, teams etc.
The system allows for information to be calculated with a risk score on your flows and assets. This has a predefined calculation but can be configured manually for any organisation.
Flowz is configured with fields to record all of the attributes required by EU GDPR article 30 – Records of Processing, although is designed so that every part of the system can be closely tailored to an organisations particular needs. We now have industry specific templates for Local Authorities, Higher Education, Health and accountancy, to get you up to speed quickly.
ISO27005 (information risk management) describes assets as at rest and in motion. Where they are in motion (e.g. sent by email) we consider them a subset of the main asset and record them as such, allowing you to record all the incoming and outgoing data from your databases.
Tailored to Fit
Flowz is dynamic and easily customisable at every level, to meet differing organisational needs
Keep the ICO happy
Flowz captures the level of detail needed to satisfy supervisory authorities
Simple to use
Flowz has a simple and intuitive user interface, which speeds up adoption