It is not uncommon for people to provide personal information when hiring a service or when making an online purchase, without any guarantee of what will be done with this data, for how long it will be saved or to whom it will be conveyed. Personal data often ends up circulating on the internet, the result of countless cases of data leakage or misuse, which usually ends up being inconvenient and causing a lot of headaches for the data owner.
The General Data Protection Regulation (GDPR) was created with the objective of increasing companies’ responsibility for how they handle personal information, preventing abuse and the unauthorized use of data.
That is why every company that collects, processes, stores or transmits personal and sensitive data must adopt careful and reinforced governance measures in order to avoid running afoul of the law.
The solution for GDPR
SoftExpert provides an advanced software solution that assists in controlling the privacy of personal information. The SoftExpert Excellence Suite is an integrated management system that assists in the definition and implementation of policies, standardization of processes and control of access to documents, conducting detailed audits, analyzing and monitoring risks and training employees.
Using modeling based on the BPMN standard (Business Process Model and Notation), the solution allows flows to be created to map personal data, data holder service and security incidents. It also manages information security risks, making it easier to control all of the threats and vulnerabilities in the company.
Principali vantaggi della soluzione
Defines security requirements and objectives.
Maintains compliance, establishing controls and acceptable levels of risk, while ensuring alignment with objectives and policies.
Assists in the fulfillment of the requirements of GDPR;
Defines the processes for controlling and reviewing information security management.
Improves the ability to recover from failure and maintain business activities.
Identifies key people in the process and defines responsibilities.
Sets communication schedules and protocols.
Automatically assesses risks, based on information collected about the frequency and impact of events that have occurred.
Communicates results through configurable reports and portals.
Maps personal data.
Controls the review of documents such as privacy policies using standard or customized workflow according to business needs.
Automates the entire audit process, from planning and execution to reporting and monitoring.
Materiali in rilievo
ISO 27001 – Information Technology Security Management
Enhancing regulatory compliance through the integrated approach