Effective May 25, 2018, the EU General Data Protection Regulation requires companies to comply with enhanced data privacy requirements, related to the processing of personal data of EU citizens.

Commugen’s GDPR 365 is a holistic solution that helps organizations and DPOs manage (i.e. define, execute, document, monitor and improve) data protection processes, required under GDPR.

Management and actions are done visually via a set of predefined dashboards and reports that provide varied views into GDPR compliance status.

1. Regulation Mapping: Recognize the Landscape Map GDPR articles and recitals to main themes, e.g.: Data Subject’s Right, Privacy by Design, Lawfulness of Processing, Breach Notification and Legitimate Interests.

2. Policy Compliance Management: Set Controls & Tasks Establish recommended and optional controls for each GDPR theme. Set tasks and responsibilities for those controls, and monitor execution.

3. System Mapping: Map Systems & Associated Data Risks Set privacy risk level for all systems and processes. Analyze thoroughly sensitive systems, and monitor exposure.

4. Action Management Respond to data subjects’ requests and manage breach events.

5. DPIA – Data Protection Impact Assessment Set privacy risk level for all systems and processes. Analyze thoroughly sensitive systems, and monitor exposure.

Holistic view

Commugen’s GDPR 365 manages all aspects of the DPO’s responsibilities. This allows for a unified view of GDPR activities and provides insight into organizational compliance.

Adapt to business changes and new GDPR insights

Commugen’s GDPR 365 technology allows easy tailoring to the specific conditions of your organization. Once running, it will easily adapt to changing Legal and IT needs, and to the evolution and changes in the understanding of GDPR.

Compliance Management

Privacy policies and controls ensure that the organization complies with GDPR (e.g. Lawfulness of Processing). These can be developed, approved, applied and improved continuously. Each control and policy is to a department or a pre-defined group within it, to ensure compliance.

System & Process Mapping & Monitoring

Commugen’s system and process mapping is an IT Asset Management tool. It holds asset information and records of processing of personal data by that asset. It can also present related information from other systems regarding the collection, access, transfer and sharing of data by the asset.

Action Management

Commugen’s GDPR 365 Action Management manages all aspects of incidents – i.e. data subjects’ requests and breach events. Action Management manages customer requests with pre-defined tasks that enable response within the allotted time frame under GDPR. It also includes the management of notification to all relevant stakeholders and monitoring of SLAs in a breach event. Added to that is a breach event exercise sub-module, to help organizations be prepared.

Data Protection Impact Assessment (DPIA)

DPIA estimates the inherent risk of a data breach in a system or a process, based on a predefined set of questions on the nature, use, disclosure and purpose of personal data. It then estimates the residual risk based on existing controls. The DPIA results determines a possible risk mitigation plan.