The FUG (Flowz User Group)

This FUG meeting largely focused on how users can impement DPIAs in Flowz. The meeting allowed our users to interact, and provide feedback on how they are managing their systems.  David Stone was again the Lead Speaker at the event and covered topics including:

  • What is a DPIA, and why do we need it
  • New DPIA Functionality demo
  • Development Roadmap
  • Online Training sessions
  • Update on GDPR
  • Forum

Data Protection Impact Assessment (DPIA)

What is a DPIA? A DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of a project or plan. It is a key part of your accountability obligations under the GDPR, and when done properly helps you assess and demonstrate how you comply with all of your data protection obligations. It does not have to eradicate all risk, but should help you minimise and determine whether or not the level of risk is acceptable in the circumstances, taking into account the benefits of what you want to achieve. DPIAs are designed to be a flexible and scalable tool that you can apply to a wide range of sectors and projects. Conducting a DPIA does not have to be complex or time-consuming in every case, but there must be a level of rigour in proportion to the privacy risks arising.
Click here to read more on this

Please sign-up to our DPIA Web Demos

Brexit Impact

What ‘No Deal’ means for GDPR

With it looking increasingly likely that no deal will be struck between the British Government and the European Union, businesses and organisations need to start contingency planning for the ramifications of a ‘no deal’ Brexit.

In terms of GDPR, ‘no deal’ would see the UK becoming a third country. This is because the common unrestricted sharing of data between EU nations would no longer include us and the UK would cease to benefit from any preferential treatment.

Flows of data from the EU would become akin to data coming from the USA.

Previous amendments to GDPR legislation passed by the UK parliament have made it unlikely that the EU will accept our legislation as equivalent once we leave. 

Click here to read more on this

 

Useful New Flowz Features

Here are some useful features that have recently been introduced to Flowz that you may not have noticed or used yet.

DPIA Wizard Function

We’ve created a wizard that ensures that you complete a DPIA in the correct order and don’t skip anything.

The Submit button will not appear until you have reached a minimum threshold of compliance while answering the questions, depending on your current scoring. Important not to jump steps in DPIA (whereas you can currently).

It is important even if you press Submit during the preliminary question stage, it will still divert to DPIA before sign-off to make sure.

Uploading your own logo to the Flowz login page

As an alternative to the Flowz login page, you can upload your organisation’s logo to give the login page a more personalised and professional feel.

We have developed a Single Sign On (SSO) solution to integrate the Flowz login with your organisation’s login and make logging into Flowz a seamless exercise.

In the meantime before this is available, you can mask your Flowz URL and make it appear as something else, allowing you to make the Flowz URL look like it’s your own organisation’s page.

 

Parallel Builds

Time invested in the SSO solution had been holding up progress in other areas but we now have a utility which allows us to develop parallel builds.

On a similar note, we have an exciting new feature for users which allows them to use a testing ‘Play’ environment alongside their main Flowz system.

This will let you try out new features before choosing to turn them on in your main system. This Play system is not dedicated to each individual customer, so be mindful other organisations will be using and therefore not to enter any confidential information.

Flowz Play System

On a similar note, we have an exciting new feature for users which allows them to use a testing ‘Play’ environment alongside their main Flowz system.

This will let you try out new features before choosing to turn them on in your main system. This Play system is not dedicated to each individual customer, so be mindful other organisations will be using and therefore not to enter any confidential information.

 

Google’s €50 million fine and what it means for the tech industry

Fines being levied at companies major tech companies like Google have ramifications for the tech industry as a whole, demonstrating that GDPR regulations are not simply paper tigers.

Luke Graham at City A.M. wrote an article about this:

GDPR Changes

GDPR has made some changes to how some sector organisations process personal or special categories of data. Some requirements apply to all sectors, others specific to public/private sector …

GDPR, Applied GDPR, and DPA 2018 Navigation

For the more geeky amongst us, May 2018 was an exciting month, with GDPR finally coming in to force, the Law Enforcement Directive, the repeal of the Data Protection Act 1998, getting the Data Protection Act 2018 at the last moment and myriad small changes hidden in the depths of the Byzantium complexity of the new law.

The Data Protection Act 2018 picks up the mantle of the Data Protection Act 1998 by being one of the worst constructed pieces of legislation on the statute books.

Working Party 29

The Working Party 29 Position Paper released 19/4/2018: The Derogations from the Obligation to Maintain Records of Processing Activities Pursuant to Article 30(5) GDPR. Follow this link to view the Position Paper.

http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51422

This high level explanation of the position paper may also be a useful summary:

https://www.lexology.com/library/detail.aspx?g=e09fc9df-0183-4799-bfe5-537ecc9e3d87

Click here to see what guidance has been published