The ECOMPLY software suite is specially suited for external Data Protection Officers (or DPOaaS). In this article we show you how we specifically support the day-to-day activities of external DPOs. These highlights include support for data subject access requests, proof of compliance and the application of templates.
Data Subject Access Requests (DSAR)
Data Subjects can request access to information held about them from controllers. One example of this access is the ‘right to be forgotten’ where a person asks a company to delete a piece of personal information or all of it.
In the European GDPR, there is no hard deadline set for responding to such requests. The European industry standard in 2021 is to respond within four weeks (at least with an acknowledgement of receipt) and handle the request within eight weeks of arrival.
In the Brazilian LGPD, Article 19.II, the deadline is strictly set at 15 days. Because of this very short available time frame, it is crucial to be notified immediately when a DSAR arrives in an organization.
DSARs can arrive in a number of ways, for example via email, via a form or on paper. A DPO has to ensure that this information is passed to him or her quickly in order to set in motion the tasks necessary to respond to said DSAR.
ECOMPLY saves valuable time here, allowing for maximum speed and flexibility. The ECOMPLY DSAR form can be integrated on the public home page of an organization. Data subjects are directed to use this form to place their DSAR. The key advantage is that when they click the “Send” button on the DSAR form, the DPO will be notified via email and will have all the DSAR information readily available inside the ECOMPLY platform.
An external DPO does not only handle the data protection of a single controller. On the contrary, the number of controllers serviced by an external DPO can be several dozen.
External DPOs typically have an established approach and structure that has proven itself in practice and fits their client base. This approach is repeated from client to client for good reason. Rather than reinventing the wheel for every client, the DPO brings good practice approaches and valuable industry know-how. As such, external DPOs maintain client templates that they can apply to new clients.
ECOMPLY supports exactly this working style. In ECOMPLY, you can create your own ‘template client’ that contains all the basic information and structure that you like to start your new clients with.
When a new client needs to be set up, simply select the existing template and apply it. Within a few seconds, the new client will be set up, saving you many hours of work.
Proof of Effort and Compliance
100% compliance does not exist. There is neither a clear bar to measure against nor an auditor who has nothing to complain about.
Yet your clients put effort into their data protection compliance and pay money for it. They often ask what they have to show for it.
This is where the ECOMPLY badge comes in. It can be placed on the client website to demonstrate that the client is paying and working towards better data protection.
The badge is also a link, pointing to a URL that confirms the correctness of the badge as a certificate.