The structure of the data protection documentation software we use follows the principle of “keep it small and simple”. The topics that are important for proper documentation are processed. In doing so, the structure of the software we use helps us to limit ourselves to the essential elements in the GDPR. For example, our data protection software supports the documentation of procedural activities, processors, technical and organizational measures, the assignment of documents to deletion obligations, and the fulfillment of data subject rights and information obligations. It also provides support for other obligations of the GDPR that are important for a company or a data protection officer, such as the report for the supervisory authority, evaluation lists for the DPO, and much more.
For the recording of documentation in the electronic directory of processing activities, many processing activities, types of personal data and categories of personal data are stored as selection lists. These help with the creation of the documentation and facilitate the work.
The DigiBizS Solutions software supports the documentation of the following data protection legal requirements:
- Records of processing activities
- an overview of the retention and deletion periods per processing activity
- the processing orders as well as external services
- a risk assessments for each processing activity
- Technical and organizational measures
- if necessary, a data protection impact assessment
- Data protection processes
- Information requirements
- Data subject rights
- data breaches
Our data protection documentation software is called DigiBizS Solutions and is multilingual. Currently, translations are available for Dutch, English, French, German, Polish, Italian, Spanish and Russian.
The data protection documentation software includes a function that automates and supports the risk assessment of data processing operations. This automatism is based on the explanations of the DSK for risk assessment as well as the protection level concept of the LfD Lower Saxony. Of course, the questions of the threshold analysis according to WP248 rev. 01 as well as the control questions for the “Blacklist” are integrated in the risk assessment.
The data protection documentation software also allows the DPO to evaluate each processing activity and formulate notes on it.