General Data Protection Regulation (GDPR, in Polish: RODO) imposing new duties related to personal data processing become effective on 25 May 2018. is aimed at allowing institutions to perform duties resulting from GDPR. The solution is a register of all personal data sets processed in the organisation and supports the organisation in managing business processes related to GDPR. was built modularly with the use of mechanisms such as: gathering data in registers, servicing processes and cases, mechanism of management and task assigning, generation of reports, automation of preparation and generation of documents. application for the GDPR repository supports the phase of designing, inventory-taking, assessment of processing security and preparation to compliance with GDPR [Art. 30]. The following modules are used for these purposes:

  • Register of personal data sets
  • Register of IT systems
  • Central Database of persons containing copy of all personal data stored in all data sets or integrations with a central database of institution persons (depending on policy in a given organisation).
  • Register of Processing Activities
  • Register of Retention Rules of personal data
  • Register of Clauses concerning personal data processing
  • Register of Consent for personal data processing
  • servicing assessment of consequences for personal data DPIA protection and handling cases related with it

After 25 May 2018 the application will facilitate and enable processing of GDPR. In that respect the module Requests can be used.

Requests of persons whose data are processed in the company:

  1. Request for information,
  2. Request for data correction (modification or extension)
  3. Request for copy of data, potentially with sending it to another ADO
  4. Withdrawal of consent for processing,
  5. Request for limiting of processing,
  6. Objection against processing,
  7. Request for deletion (being forgotten).
  8. As part of the request service the System runs the Register of Cases and Notifications. system allows for direct registration of requests electronically by interested parties, i.e. can be connected with front systems, including websites. It also enables remote access by data subject to his/her data. Moreover, the solution manages communication process with IT Systems processing personal data in the organisation.