This is a guest blog by Citrix Partner, Anders Bendix Kiel from Multikant.
A Podio add-on for managing your own compliance
My name is Anders Bendix Kiel, a Podio and Citrix partner since 2010. Our team at Multikant has developed a custom Podio workspace to help your business manage compliance and document processes related to GDPR.
In my view, Podio offers a fantastic platform for companies to organise, structure and collect data. You can use the structure of Podio apps and workspaces to document control of your personal data processing activities, as required by the EU General Data Protection Regulation (GDPR), which took effect on 25 May 2018.
Lawyers use a lot of Excel spreadsheets, making it hard to securely track all data. We simplified and structured the documentation obligations by creating a Podio workspace to record all personal data processing activities. Now, instead of having Excel sheets documenting data spread across departments and employees, Podio collects all the relevant information in one secure workspace.
CLEVER GDPR collects all your personal data processing activities
Clever GDPR is developed by CLEVER Management (www.clevermanagement.dk), a long-term Citrix Partner formerly known as BendixKiel. It introduces an intuitive, guided way to become and stay compliant.
Our solution can help you:
- Create an overview of what personal information your company is handling
- Identify all processes where personal data is involved
- Evaluate the risks of processing personal data
- Elaborate and implement policies, procedures and contingency plans
- Document that your processes and procedures are maintained
- Display your Record (according to Article 30)
This tool makes me feel better and gives me an overview of the job to be done to be compliant.
Solveig Bjerg, Mediegruppen
Ignite the collaborative process of GDPR compliance
The structure of the workspace is divided into a Management section and an Engine Room section, with help texts available for each app. Clever GDPR is built on the rules in Regulation (EU) 2016/679 of 27 April 2016 (the Regulation) and helps you fulfill the requirements of that regulation.
Functions and Data Flow belong to the Management section, while the remaining apps are in the Engine Room section.
Management
GDPR starts in the company’s executive board, where the scope is defined and the work tasks are delegated. This process can take place in the administration department (for small businesses) or in several departments simultaneously (as often occurs in large businesses).
Functions represent the company’s departments that are likely to handle the sensitive personal data the company processes. Handling such personal data carries risk, which is why the company needs to keep a record of its data processing activities.
Data Flow shows all the company’s data processing activities, such as personnel administration or customer registration. All of this is built on content from the Engine Room.
In Data Flow, the company’s complete record of data processing activities is compiled and made available for use by the Supervisory Authority. Each processing activity can also be printed individually.
The Engine Room
The Engine Room records all underlying processes that help build and document a company’s compliance. This can be done by one person (e.g. the Data Protection Officer, DPO) or handled by the individual departments that collectively populate the Engine Room.
In the Engine Room, all types of data Subjects are categorised. All personal data the company collects and handles is recorded, and the sensitivity of that data is assessed.
The legal basis for each registration of personal data is recorded, alongside which Processors the company uses and whether a Processor agreement is in place. Processors from third countries are also registered. If personal data is forwarded to third parties, this is recorded together with all relevant and necessary procedures. This safeguards the rights of the data subject and ensures the company has a contingency plan if, by accident, personal data becomes available to non-relevant parties.
All procedures can be written directly in the tool or attached as a file linked directly to ShareFile.
It is a hard job to be compliant and document all your data activities, but by using Clever GDPR I have gained an overview of the process in a guiding and visual way.
Sajid Latif, Human Care A/S
Maintenance
During all processes defined by Clever GDPR, the status of each process and the date of its review are updated, giving an overview of which processes or procedures need to be reviewed. This way, the company can show that it strives for compliance.
Get on board and demonstrate your compliance
Immediately after installing Clever GDPR, you are on your way to becoming compliant. The first step is to go through all processes involving personal data and populate the tool with your processes and data. Bonus: you can always see or show the status and progress of your work!
Because the apps are related to each other in the system, you can put procedures, consents, personal data, etc. in the tool (as a database) and, within Podio, use relationships to document the flow of data. This displays the processing of data, which can be used as documentation for the Supervisory Authority.
Becoming and staying compliant is hard work, but don’t make it more difficult by using fragmented Excel sheets and confusing emails. I highly recommend using Clever GDPR to keep track of data and the status of each piece of the compliance process.
Legal Disclaimer: This document provides a general overview of the EU General Data Protection Regulation (GDPR) and is not intended as and shall not be construed as legal advice. Citrix does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that Customers or Channel Partners are in compliance with any law or regulation. Customers and Channel Partners are responsible for ensuring their own compliance with relevant laws and regulations, including GDPR. Customers and Channel Partners are responsible for interpreting themselves and/or obtaining advice of competent legal counsel with regard to any relevant laws and regulations applicable to them that may affect their operations and any actions they may need to take to comply with such laws and regulations.