GDPR Individual Rights workflow

The problem

As part of the General Data Protection Regulation (GDPR) which comes into effect on 25th May 2018, citizens have the right to find out exactly what personal data is being held about them, why it’s being held and who that data is being passed on to. Individuals can gain this information by making a Subject Access Request (SAR).

Organisations are expected to respond quickly and waive any charges they may have once made. As a result, SARs are expected to grow in volume and create an administrative overhead.

GDPR also carries the threat of severe financial penalties for firms found to be in breach, with maximum fines being 20 million Euros, or 4% of the firm’s global turnover – whichever is higher.

The solution

Eclipse has created a dedicated GDPR Individual Rights workflow solution, seamlessly integrated into its market-leading Proclaim case and practice management software system. The new GDPR Individual Rights workflow is available either standalone for non-Eclipse customers, or as a unified toolset for current customers. The GDPR Individual Rights workflow will manage requests and automate their handling, reducing cost and aiding compliance with ongoing legislation.

  • Easy to use, with pre-defined workflows to assist compliance personnel in managing the process of dealing with requests including:
    • Subject Access Requests
    • Data Portability requests
    • Objection to processing of data
    • Request for rectification of the data
    • Request for erasure/right to be forgotten
    • Requesting reasonable fees which may apply
    • Refusal to deal with the request
    • Request for review of a decision
    • Obtaining permission from third parties mentioned in data
    • Managing deadlines, delays whilst awaiting information and time extensions
  • Record details of the data which is held for that Data Subject:
    • Who is in control of that data and who has access to the data
    • Details of any third parties who are referred to in that data
    • Ability to flag individual pieces of data to confirm whether it should be included
  • Scalable to cater for all shapes and sizes of organisation – from single business units through to layered organisations with multiple divisions and operating models
  • Build further MI with the suite of included reports
  • Securely hosted in the UK, also available as an on-premise solution if required
  • Compliant – only authorised users will have access to information

 Who will need this?

The requirement to be compliant with GDPR and Subject Access Requests is applicable to all organisations. Most businesses and especially those that deal with individual end-customers will hold vast amounts of personal data. Knowing what data is held, where it’s stored, why it’s stored and who it’s being passed on to – then producing this information promptly is crucial to any firm looking to avoid fines and remain compliant.

 
See a demo