Frequently Asked Questions

What is a Data Champion?

A Data Protection Champion is the name given to those staff members your organisation’s Data Protection Officer (DPO) / Data Lead nominates to help mitigate and action the identified risks. For example, these could be different Heads of Departments or specific Managers.

What Policy Templates are included on PrivacyEngine™?

PrivacyEngine™ includes a comprehensive library of policy templates covering everything from Clear Desk Policies to Data Breach Notification Procedures.

What is the Learning Management System (LMS) on PrivacyEngine™?

Get complete visibility of your colleagues’ data protection awareness. Create and manage training courses using our comprehensive and flexible Learning Management System (LMS).

Select from a library of online training material and assign training to employees to ensure they are fully trained up.

Our interactive training videos cover the GDPR, CCPA, cybersecurity awareness and phishing suceptibility modules. Certain modules are localised in English, German, Polish, Swedish, Spanish, Russian and Dutch, as well as having Internationalised and US localised versions.

PrivacyEngine™ platform includes the following courses:

  • GDPR Staff Awareness (4 modules)
  • Cybersecurity Awareness (6 modules)
  • 12 Steps to GDPR Compliance (12 modules)
  • Phishing Interactive Quiz

What is Dedicated Support?

As part of running any success programme, how the data protection team communicate and collaborate is essential.

Data Protection Support

PrivacyEngine™ provides one-to-one support from our experienced Data Protection Consultants though our platform.

The platform allows you to configure support settings in how data protection related queries in your organisation are managed. Employee queries can be set to go to the Data Champions in their Department. Data Champions can then respond or get help with the query from the Data Protection Lead of the organisation. The Data Protection Lead of the organisation has the option to respond to the query or to forward on to a Sytorus Consultant for help.

We provide pragmatic responses to all your data protection queries and will work with you to ensure that your documents, policies and understanding are accurate and up to date.

Technical Support

Send any technical support questions or queries on using the platform to one of our technical support team. Free training on the platform is provided on purchase, the technical support channel ensures that you have ongoing help and support in using the platform.

Group Chat

The group chat feature allows you to communicate and collaborate with members of your data protection team.

What Mandatory Logs are included on PrivacyEngine™?

All Mandatory Logs required under Article 30 of the GDPR are included within PrivacyEngine™:

  • Records of Processing Activities (RoPA)
  • Data Breaches and Incident Management
  • All Data Subject Rights Logs, including
    • Right of Access (Subject Access Request)
    • Right of Rectification
    • Right to Erasure (Right to be Forgotten)
    • Right to Restriction of Processing
    • Right to Portability of Data
    • Right to Objection to Processing
    • Right in relation to Profiling and Automated Decision Making
  • IT Systems
  • Third Parties

Having these Logs maintained in an effective manner is critical in demonstrating compliance.

What is a Risk Register?

Using PrivacyEngine™ to maintain a Data Protection Risk Register allows your organisation to identify and mitigate against data protection risks, as well as demonstrate compliance in the event of a regulatory investigation or audit.

The Risk Register includes a RAG rating matrix and chart to give an overall view of the risk profile of your organisation. A date slide allows you to check the historical risk profile of your organisation.

The Risk Register table lists all the risks identified and added for your organisation. Here you can see the risk description, where the risk originated (Data Processing Activity, Subject Request, Third Party, IT System, DPEA, DPIA), the date created, status, rating, and any actions assigned to team members for the risk.

Clicking on the risk reveals further information on the risk and allows you to add further details, update the status of the risk, the risk rating or assign actions to different members of your data protection team.

You can download and print Risk Reports for your organisation:

  • Risk Actions completed
  • Risk Actions assigned to your data protection team
  • Risk Profile Summary Report
  • Risk Profile Detail Report

What is an Assessment on PrivacyEngine™?

We provide the Data Protection Officer (DPO) / Data Lead with the ability to run Data Protection Impact Assessments (DPIA’s) and Data Protection Gap Assessments (DPGAs)  through our comprehensive Assessments Module. This enables them to run complete workshop based DPIA’s with full automated report generation.

Running DPIAs is a critical obligation for all organisations to be competent at. We help with this by providing organisations with a simple but powerful tool to assist with these mandatory assessments.

The Assessments Module comes with a library of risks. This library contains c.1000 risks and recommendations and are searchable by 54 Departments, 99 Sectors and 7 GDPR Principles.

What Security Measures are taken?

We take privacy and security very seriously. All our data is encrypted in transit, at rest and securely monitored using Microsoft Azure Security Centre.

 

 

We're here to help

Get In Touch