The Flowz approach
Flowz is a SaaS (Software as a Service) business that provides a solution for recording the information flowing around an organisation. The software provides a risk score against the information and flows within the organisation, assisting with compliance with the new GDPR law.
Many of the GDPR articles can be mapped together to give a logical and simple 5-step approach to on-going GDPR compliance. This all starts with knowing what data you hold, about whom, for what purpose and on what lawful basis. For this reason, much of the initial effort towards GDPR compliance by organisations is first data flow mapping, followed by implementation of systems and processes to capture new processing activities from creation and engage management control for the life of that processing activity. This all comes together in a rich Record of Processing Activity.
Flowz takes the minimum information required for a Record of Processing (GDPR article 30/recital 82), and allows users to add attributes to the data collection templates to enable them to collect data and report on any aspect of their data processing – although it isn’t necessarily only personal data which can be mapped and reported in Flowz, as many customers are using Flowz for other purposes, including corporate data (FoIA) and contract management.
Flowz adds the facility to give attributes risk indicator values so that information risk can be reported against proportional mitigating controls to meet the conditions for appropriate Security of Processing (GDPR article 32/recital 83) and give overall risk indicator values to processing activities for effective DPO monitoring and reporting (GDPR article 39).
Some of the unique benefits that Flowz offers come from overlaying the ISO27005 (Information Security Risk Management Standard) approach and definition of Primary Assets. This enables Flowz to report on the different lawful bases (GDPR article 6) for processing of data at rest (Information Assets) and transactional data (Data Flows) and the varying risk of each.
Flowz then introduces a variety of enhanced functions to provide a firm foundation for compliance assurance, including:
- Evaluation of data processing contracts against GDPR article 28
- Public interest test evidence (GDPR article 6(e))
- Legitimate interests of the data controller test (GDPR article 6(f))
- Assessment of breach reporting requirements (GDPR article 33)
Finally, Flowz messaging and workflow automation makes the whole arrangement easy to manage and deploy, for maximum assurance and management control.
The benefits of using Flowz
Supports or delivers GDPR information asset requirements such as:
- Data Flow Mapping
- Information Asset Risk Register
- Identifying where contracts and sharing agreements are required
- Identifying flows outside the UK
- Identifying flows which should be pseudonymised
- A valid and up to date risk assessment programme for all Information Assets and flows
- Anti-virus, access control and Business Criticality for Business Continuity
- Network security and mobile and remote working security
Significantly reduces the risk of fines
Reduces the on-going cost of managing information flows and assets through a simple browser-based interface
Supports GDPR information audit requirements such as:
- Confidentiality audit
- Multi-professional records and availability audit
- Internal and external coding audit
- Coding audit programme
- Completeness and validity audit
- Information lifecycle audit
Assists with ISO27000 standards compliance
Helps to identify those information assets you didn’t know you had
Ensures information flow mapping becomes a valuable resource rather than a costly annual exercise