The Flowz approach
Flowz is a SaaS (Software as a Service) business, which provides a solution to record the information flowing around an organisation. The software provides a risk score against the information and flows within the organisation, assisting in the compliance of the new GDPR law.
Many of the articles can be mapped together to give a logical and simple 5-step approach to on-going GDPR compliance (click here for more information). This all starts with knowing what data you hold, about who, for what purpose and the lawful basis. For this reason, much of the initial effort towards GDPR compliance by organisations is first data flow mapping, followed by implementation of systems and processes to capture new processing activities from creation and engage management control for the life of that processing activity. This all comes together in a rich Record of Processing Activity.
Flowz takes the minimum information required for a Record of Processing (), and allows users to add attributes to the data collection templates to enable them to collect data and report on any aspect of their data processing – although it isn’t necessarily only personal data which can be mapped and reported in Flowz, as many customers are using Flowz for other purposes, including corporate data () and contract management.
Flowz adds the facility to give attributes risk indicator values so that information risk can be reported against proportional mitigating controls to meet the conditions for appropriate Security of Processing () and give overall risk indicator values to processing activities for effective DPO monitoring and reporting (GDPR article 39).
Some of the unique benefits that Flowz offers come from overlaying the () approach and definition of Primary Assets. This enables Flowz to report on the different lawful basis (GDPR article 6) for processing of data at rest () and transactional data () and the varying risk of each.
Flowz then introduces a variety of enhanced functions to provide a firm foundation for compliance assurance, including:
- Evaluation of data processing contracts against ()
- Public interest test evidence ()
- Legitimate interests of the data controller test ()
- Assessment of breach reporting requirements ()
Finally, Flowz messaging and workflow automation makes the whole arrangement easy to manage and deploy, for maximum assurance and management control.
The benefits of using Flowz
Supports or delivers GDPR information asset requirements such as
- Data Flow Mapping
- Information Asset Risk Register
- Identifying where contracts and sharing agreements are required
- Identifying flows outside the UK
- Identifying flows which should be pseudonymised
- A valid and up to date risk assessment programme for all Information Assets and flows
- Anti-virus, access control and Business Criticality for Business Continuity
- Network security and mobile and remote working security
Significantly reduces the risk of fines
Reduces the on-going cost of managing information flows and assets through a simple browser-based interface
Supports GDPR information audit requirements such as
- Confidentiality audit
- Multi-professional records and availability audit
- Internal and external coding audit
- Coding audit programme
- Completeness and validity audit
- Information lifecycle audit
Assists with ISO27000 standards compliance
Helps to identify those information assets you didn’t know you had
Ensures information flow mapping becomes a valuable resource rather than a costly annual exercise
Flowz is configured for all small to medium sized companies who purchase the Essentials, Business and Premium Business packages on our website. We offer custom configuration for all enterprise packages, where our dedicated team personalise the system, specific to your organisation.’ To ‘While we offer an out of the box system, we offer services to conjure Flowz to your exact requirements, quickly and easily.
While the Flowz system is intuitive and easy to use, many customers prefer to have training from the system author. Dependent on your approach to training, we are able to provide End User and also Train the Trainer training, either on-site or via WebEx. Be sure to discuss your training requirements with us, so we can design the best solution for you.
Do you have any existing data that you think can be used in your Flowz system? Our technical team may be able to import this data for you, to save you time in getting Flowz up and running.
We will review a sample of the data to see if it can be used and the best way to use it in Flowz, then provide you with an estimate of the associated costs and timeline, to help you get up and running as quickly as possible.
Single Sign On
Through the use of open industry standards and specifications such as SAML 2.0, Flowz can leverage customers’ existing Single Sign-on solutions to manage access to our application.
Support includes SAML 2.0-compliant Federated SSO solutions such as Microsoft Active Directory Federation Services (ADFS) and Shibboleth.
Getting started with Flowz is just a click away. Our team consists of experienced project managers who can guide you every step of the way. We take pride in the work we deliver for our customers and we have a dedicated team of people that will help you manage your organisation, teams, managers and risk owners ensuring everyone knows what needs to be done to comply with the GDPR.
GDPR Support pack
Our GDPR Support Pack combines mandatory and useful GDPR policies, procedures, checklists and templates, with supporting documents for complaint handling, risk management, audits and monitoring, information security and more.
Creating an asset
Creating a flow
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.