Flowz Newsletter – Summer 2019

The FUG (Flowz User Group)

This FUG meeting largely focused on how users can implement DPIAs in Flowz. The meeting allowed our users to interact, and provide feedback on how they are managing their systems.  David Stone was again the Lead Speaker at the event and covered topics including:

 

  • What we did/are doing this summer – product pipeline
  • Feedback – training and online training sessions
  • Feedback – online forum
  • What is a DPIA and when do we need one
  • New DPIA Functionality demo
  • Implementing the DPIA function and early adopters
  • AOB – what is happening in the world of GDPR – fines, ethics and actions

Training and online training sessions

As discussed during the latest FUG event there are number of Flowz training YouTube videos available here.

We offer a range of training from GDPR training to system administration training. If you would like to arrange a bespoke training session with one of our trainers, please email us on info@flowz.co.uk.

 

Online forum

We are now actively using the forum to address customer queries and new developments within Flowz. To access our online forum, please go to https://flowz.co.uk/community/

There are a number of categories available where you can discuss any issues:

  • New Ideas
  • Reporting
  • Health
  • Higher education
  • GDPR
  • Local Authority
  • Flowz Internal

If you wish to join the discussion sign up by clicking here and follow the steps below:

  1. Click on register in the top menu bar.
  2. Enter a username, email address and password to create your account.
  3. Once you register, you will be taken to a profile page.  Here you can add details about who you are, maybe where you work and even a photo of yourself if you wish.  This is a good way for people in our community to know who they are talking to.
  4. Once you have set up your profile, you can go back to the home of the forum and start a topic.
    1. By doing this, first click on Forum
    2. Then click on Main Forum
  5. When you are in the main forum you can start a topic.
  6. Click Add topic.
  7. Enter details about your topic and press submit.
  8. When you submit the topic, our team will receive an email about the topic and can pass it on to a suitable member of staff to respond. 

Flowz Development Pipeline

Summer/Autumn:

  • Consistency
  • Scoring
  • Reporting
  • Notifications
  • Messaging

Autumn/Winter:

  • Subject Access Requests
  • User created Questionnaires

Winter/Spring:

  • FOIA (Freedom of Information Act)
  • Breach reporting

What is a Data Protection Impact Assessment (DPIA) and when do we need one?

What is a DPIA? A DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of a project or plan. It is a key part of your accountability obligations under the GDPR, and when done properly helps you assess and demonstrate how you comply with all of your data protection obligations. It does not have to eradicate all risk, but should help you minimise and determine whether or not the level of risk is acceptable in the circumstances, taking into account the benefits of what you want to achieve. DPIAs are designed to be a flexible and scalable tool that you can apply to a wide range of sectors and projects. Conducting a DPIA does not have to be complex or time-consuming in every case, but there must be a level of rigour in proportion to the privacy risks arising.
Click here to read more on this

A data protection impact assessment shall in particular be required in the case of:

    • a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
    • processing on a large scale of special categories of data referred to in Article 9(1), or of personal data relating to criminal convictions and offences referred to in Article 10; or
    • a systematic monitoring of a publicly accessible area on a large scale.

The assessment shall contain at least:

  • a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller;
  • an assessment of the necessity and proportionality of the processing operations in relation to the purposes;
  • an assessment of the risks to the rights and freedoms of data subjects […]; and
  • the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.

The General Data Protection Regulation requires a risk-based approach to be taken at key points, for example, article 32 says that mitigating controls should be appropriate to the risk to the rights and freedoms of individuals once a variety of factors have been considered. Article 28 (processors) requires a risk assessment of the technical and organisational controls of potential suppliers and mitigations imposed through contract. Article 35, sets out the formal process and when these must be undertaken, although the ICO provides a more detailed list, and deciding not to undertake a Data Protection Impact Assessment (DPIA) requires justification to be recorded.

The new DPIA function in Flowz enables a range of risk factors to be considered separately and together, and for these to be brought together to satisfy all of the GDPR requirements. The new functionality builds on the existing functions and the data already recorded in the system.

The DPIA function is the first of a series of ‘case’ based functions and will be followed by Subject Access Requests in early 2020 and then for handling Freedom of Interest requests.

If a part of your organisation is processing personal data – you may just want a risk assessment completed.

We can start implementing the DPIA function for you. Get in touch with us if you wish to try it. We can provide play environments, advice, planning and deployment strategies.

Useful New Flowz Features

Here are some useful features that have recently been introduced to Flowz that you may not have noticed or used yet

DPIA Wizard Function

We’ve created a wizard that ensures that you complete a DPIA in the correct order and don’t skip anything.

The Submit button will not appear until you have reached a minimum threshold of compliance while answering the questions, depending on your current scoring. Important not to jump steps in DPIA (whereas you can currently).

It is important even if you press Submit during the preliminary question stage, it will still divert to DPIA before sign-off to make sure.

Uploading your own logo to the Flowz login page

As an alternative to the Flowz login page, you can upload your organisation’s logo to give the login page a more personalised and professional feel.

We have developed a Single Sign On (SSO) solution to integrate the Flowz login with your organisation’s login and make logging into Flowz a seamless exercise.

In the meantime before this is available, you can mask your Flowz URL and make it appear as something else, allowing you to make the Flowz URL look like it’s your own organisation’s page.

 

Parallel Builds

Time invested in the SSO solution had been holding up progress in other areas but we now have a utility which allows us to develop parallel builds.

On a similar note, we have an exciting new feature for users which allows them to use a testing ‘Play’ environment alongside their main Flowz system.

This will let you try out new features before choosing to turn them on in your main system. This Play system is not dedicated to each individual customer, so be mindful other organisations will be using and therefore not to enter any confidential information.

Flowz Play System

On a similar note, we have an exciting new feature for users which allows them to use a testing ‘Play’ environment alongside their main Flowz system.

This will let you try out new features before choosing to turn them on in your main system. This Play system is not dedicated to each individual customer, so be mindful other organisations will be using and therefore not to enter any confidential information.

 

Will Your Staff Cost You Millions in Data Breaches?

Financial services organisations have never been more at risk of data breaches. A recent report by RPC found that the number of data breaches reported by UK financial services firms increased 480% in 2018, with the retail banking sector seeing the largest relative increase in data breaches. A wider report by DLA Piper found that European companies suffered 60,000 data breaches in the 8 months following the GDPR laws coming into force, equating to one every 5 minutes.

Click here to read more on this