By 25 May 2018, it will be mandatory to comply with the GDPR. ARXivar integrates with all corporate applications in use to manage the procedures, processes and information underlying compliance with the Regulation.
By 25 May 2018, it will be mandatory to comply with the new European Data Protection Regulation, GDPR, which aims to regulate how companies process, store and destroy users’ personal data.
Among the most important innovations: the ability to demonstrate full compliance with the regulation, the obligation to notify (within 72 hours) the competent authority and affected users in case of any data leakage or compromise, and the guarantee ‘by default’ of privacy and security in the design of the product or service.
“If we look at the regulation from the point of view of those who have to implement it, we can see that it is not in discontinuity with the current legislation (Legislative Decree 196/2003 – better known as the privacy law)”, says Dimri Zanella, Business Development Manager at Able Tech. “It is rather a redefinition of purpose. It moves from a list of requirements to be implemented to a cross-sectoral approach based on objectives.“. The regulation will therefore have to be implemented within the individual company, which will be responsible for demonstrating how it is materially implemented within its own context from the point of view of documents, procedures and security measures.
ARXivar for GDPR management
But how can we achieve good GDPR management in practice? Our answer is ARXivar, which integrates with all the company applications in use, allowing to manage with a single centralised tool, procedures, processes and information at the basis of GDPR compliance. With ARXivar, we make a process-based approach feasible and therefore, as the regulations suggest, an approach by design: everything is tracked, measurable and demonstrable, but above all it is the process itself that drives the company’s activities, through workflow.
Privacy Impact Assesment
it is possible to define upstream Privacy Impact Assessment (PIA) policies and risk assessment and management for individual processing, through the correct configuration of business processes. ARXivar allows you to set verification deadlines, classifying risks according to impact and probability variables .
Any Data Breach, which is promptly notified thanks to the possible integration with security intelligence systems, triggers a series of workflows to manage the classification of the data breach, any communication to the users concerned and the sending of the notice, using a predefined template, to the competent Authority
At the core of the whole system is the guarantee of data security. ARXivar guarantees the integrity of the information, protects and tracks access to the archive, protects through encryption and makes the information accessible only through authentication protocols guaranteed by international security standards. The platform also allows the creation and management of an access structure, configurable according to specific users/groups, document classes, document status and business areas.
More than GDPR
The opportunity for businesses is more transversal than ever. Beyond a purely bureaucratic adaptation, the GDPR, and more generally all the most updated CEN legislation, aims to give methodological indications to organise activities according to the logic of processes, with the purpose of managing risk, increasing efficiency and the ability to respond to the end customer according to his expectations. For 15 years Able Tech has been supporting companies on this path, offering customised Information & Process Management solutions.
FOR MORE INFORMATION
>> Discover the dedicated ARX LAB (only for BP and ARXivar customers)