GDPR Principle: Articles 5, 6, 24, 35, 39
Step 1
FREE Data Privacy Impact Assessment
AvePoint Privacy Impact Assessment (APIA) helps organizations gauge where they are on the journey to GDPR readiness. The centralized web-based system provides editable questionnaires with pre-populated, GDPR relevant questions. It then automates the information gathering process including following up with who is responsible for which questions. Assess your risk and get recommendations on how to close existing gaps without having to rely on email and spreadsheets. Watch the video.
Start Your Free Download
You’ve probably already completed this first, critical step. If not we’ve got you covered. Once you’ve got the FREE assessment tool downloaded, we’ll direct you right back to this page to continue your journey!
GDPR Principle: Articles 6, 24, 25, 28, 29, 30, 32, 46
Step 2
Map, tag and create a plan for your data
Create an Inventory of Processing Records and Map Data Flows.
With Compliance Guardian ERM, organizations can implement an inventory and risk register for data flows across the organization, automate privacy and security by design and by default, and automate risk and data protection impact assessments. Generate actionable insights with smarter data - adding context, workflow, relationships, intent, and purpose, and establish polices for data collection and usage. Suggest and record Corrective & Preventive Actions (CAPA) once non-conformities or undesirable assessment results are spotted.
Tag and classify your data
Compliance Guardian DVC scans, tags, and classifies data that maps to your sensitive data definitions – based on common regulations, or internal policies to gain order and organize your information. Scan results provide insight into your greatest areas of vulnerability, and flag inconsistencies between document contents and current tags or classification. Then, tag and classify your data, so you can more easily find, manage, and act on at-risk or sensitive data.
Implement a “Risk-Based” Approach to Data Protection.
Compliance Guardian DPIM helps to not only calculate risk, but also implement a risk-based approach to data protection across programs and systems. Take action to automatically enforce data protection policies through data discovery, pseudonymizing, encryption, blocking the transmission of restricted data, permission management, purpose limitation, and consent management and accountability. Smart incident management adds workflow, and human review where necessary, to aggregated 3rd party and AvePoint-generated incidents.
GDPR Principle: Articles 6, 25, 30, 32
Step 3
Know the authoritative source of information and hold that
data for the appropriate amount of time.
Governance Solutions
Automate the governance and management of SharePoint site or Office 365 Groups creation, expiration and who has access and permissions to specific systems and data.
Backup Solutions
Enable data availability for data subject requests and appropriately archive and back up data on a scheduled basis.
Records Solutions
Complete records identification and management system to help manage the full process of identifying data about an individual subject and retaining it for the appropriate period of time.
Congratulations, show your compliance with pride!
Step 4
PROVE you are GDPR compliant!
Compliance Guardian DPIM tracks incidents over time, to demonstrate a continuously improving compliance posture. In addition, DPIM can generate security-trimmed or role-based reports, that can easily be sent to regulators, auditors, data protection authorities, and internal stakeholders for review, to comply with audit requirements, and record keeping.
Free GDPR Resource Kit
GDPR Benchmark Reports
AvePoint, in partnership with the Centre for Information Policy Leadership, surveys organizations around the world for GDPR readiness.
Find out how your organization measures against the results.
White Paper
The Operational Impact of the European Union General Data Protection Regulation (GDPR) on IT
Learn where to implement safeguards and controls around the collection, storage, protection, and sharing of personal data.