The General Data Protection Regulation (GDPR) introduces sweeping changes to how enterprises around the world collect, process, store, and protect the personal data of individuals in the EU, regardless of where the enterprise itself is located. As the first compliance deadline draws near, Data Protection Officers (DPOs) will need to ensure that their organizations are prepared by establishing compliance and audit teams, processes, policies, and controls. Given the scope and complexity of the regulation, an integrated and automated approach to data protection compliance and assurance will be important for enterprises to meet their GDPR requirements on time.
THE METRICSTREAM M7 GDPR SOLUTION
When data controllers and processors use multiple, disconnected systems to meet GDPR requirements, DPOs will find it significantly harder to coordinate the enterprise response. The MetricStream M7 GRC platform and apps offer DPOs and audit, risk management, and compliance teams a single, unified solution for managing multiple GDPR requirements. The solution supports a risk-based approach to GDPR compliance and helps DPOs build a robust data protection and governance framework.
Teams responsible for data protection assurance and compliance can conduct risk assessments, define and test controls, perform audits, and resolve issues that might arise. Powerful reports and dashboards provide comprehensive and real-time visibility into the status of GDPR assurance, enabling the DPO and others responsible for data protection to make informed decisions.
The MetricStream M7 GDPR Solution offers the following benefits:
- Confidence that data protection and processing are in compliance with GDPR
- Assurance that third parties that manage and process data are in compliance with GDPR
- Efficient planning and execution of risk assessments, audits, certifications, and testing
- Visibility into issues, as well as the follow-up and completion of actions
- Certainty that codes of conduct are being followed
- Rapid responses to requests and complaints from data subjects
- Preparedness and responsiveness in the event of data breaches
FEATURES AND FUNCTIONALITIES
GDPR REQUIREMENTS MANAGEMENT
Capture and track the key requirements of GDPR through M7's pre-built integration with the Unified Compliance Framework's (UCF's) Common Controls Hub. Gain access to GDPR articles, the controls mapped to them, and control testing procedures to strengthen GDPR compliance.
CODES OF CONDUCT AND POLICIES
Streamline the process of creating codes of conduct, policies, and procedures for GDPR compliance, as well as managing reviews and approvals, communicating the codes of conduct to employees and third parties, and capturing attestations and exceptions.
DATA PROTECTION IMPACT ASSESSMENTS (DPIAs)
Identify and assess the risks of data processing activities through systematic, automated DPIAs. Design DPIA surveys, assign them to data controllers, and tabulate the results with configurable scoring algorithms. Conduct audits to provide assurance that the risks identified in DPIAs have actually been mitigated.
DATA PROTECTION RISK MANAGEMENT
Strengthen visibility into the IT assets and infrastructure elements that store or process personal data. Identify, assess, quantify, and monitor the risks to this data through an inbuilt IT risk assessment framework. Gain a comprehensive, real-time view of risks through reports and risk heat maps.
CONTROLS MANAGEMENT
Link GDPR compliance controls to risks, processes, and IT assets in a structured hierarchy. Harmonize controls across GDPR and other IT compliance regulations through integration with UCF's Common Controls Hub. Plan, manage, and conduct control tests based on pre-defined criteria and checklists.
AUDIT MANAGEMENT
Streamline and automate audits to evaluate the effectiveness of GDPR controls and processes. Simplify audit planning and scheduling, create audit tasks, manage work papers, and record audit findings. Generate audit reports such as a statement of applicability of controls and a risk-prioritized remediation plan for non-compliant areas.
THIRD-PARTY MANAGEMENT
Assess and monitor third parties in line with GDPR requirements. Automatically trigger risk and control assessments to third-party data processors to identify areas of high risk exposure. Aggregate and roll up third-party risk data into reports and dashboards for real-time risk monitoring.
ISSUE MANAGEMENT
Identify and document issues that arise in any of the above processes. Accelerate issue investigation and resolution through automated workflows, notifications, and reports. Create remediation plans, route them for review and approval, and track their implementation in real time.
BUSINESS CONTINUITY AND INCIDENT MANAGEMENT
Proactively plan crisis responses to possible personal data breaches, and test recovery plans. If a breach occurs, enable a systematic approach to log, track, investigate, report, and resolve the incident, including the notification timelines GDPR imposes on controllers. Capture incident data centrally, and enhance cross-functional collaboration on related investigations.
CASE MANAGEMENT
Manage complaints from data subjects, as well as requests for access to or erasure of personal data, and objections to data processing. Streamline and standardize case recording, investigation, resolution, and reporting. Track and monitor the status of each case in real time.
DASHBOARDS AND REPORTS
Gain in-depth visibility into the status of GDPR compliance management through intuitive, role-based dashboards and reports. Proactively identify the risks, issues, and process improvements that need to be addressed as a priority.
NOTE: If you are looking for MetricStream's own position on GDPR, please see the privacy statement section.