Multiple Regulations

Pre-loaded regulatory compliance versions including CCPA, US Multi-State, GDPR-EU, GDPR-UK, LGPD, POPIA, PDPA, NDPR and KVKK. Configurable compliance checklists and versions for each jurisdiction – “mix and match”. Pre-built privacy frameworks, e.g., NIST, ISO 27701 and information security frameworks.

US Multi-State Capability 

Data Protection DynamiX (DPDx) is a combined compliance privacy framework that includes regulatory obligations for US State privacy laws, including California, Colorado, Virginia, Utah and Connecticut.

Compliance Framework that Maps to Multiple Regulations and Statutes

 Data Protection DynamiX (DPDx) is an umbrella privacy framework that is regulation agnostic and flexible. Demonstrate compliance of multiple requirements by adopting the DPDx practices embedded in the compliance checklist items and throughout the modules.

Compliance of Controls to Regulations and Privacy by Design (PbD)

Pre-built controls or use your own and tag them to compliance statements and Privacy by Design practices.

Real-time status and Configurable Reporting

Report and view individual compliance areas, choose the sections – Organization, Data Mapping, Governance, Stakeholders, Service Providers / Processors, Compliance and Data Sharing. Select Tasks, Status and Notes. Create PDF reports or download Excel spreadsheets.

Dashboards

Information updates and displays in real time for compliance, risk, data mapping, data locations, third party providers, employee compliance, data subject requests, impact assessments and incidents.

Logging and Audit

System creates immutable audit log for all data entry. Provides email and in app notifications and workflow.

Records of Processing Activities (ROPA)

Shows listing of each record by data subject, business process, lawful basis, retention period, legitimate interest assessment (if applicable), personal data elements, sensitive personal data elements, data location, system, service provider / processor, third party sharing, and IT security measures.

Data Inventory Wizard

Follow workflow starting with either department or data subject and select from drop down lists or create your entries.

Custom Data Records

Create custom records or elements within a record on the fly.

Data Collection Sources, Location and Service Providers

Enter and store information about collection sources, location, geographic region and service providers for personal and sensitive personal data.

Personal Data Catalog

Create and maintain a catalog of personal data for your organization. Information includes Data Subject, Business Process, Lawful Basis, Retention, Service Provider, System, Location, Technical and Organization Security and Data Sharing. Updates other modules of the platform that require data inventory information, e.g., Impact Assessments, Data Subject Requests and Incidents.

Personal Sensitive Data Catalog

Create and maintain a catalog of sensitive personal data for your organization.

System Inventory

Enter your systems and service providers. The platform produces a system inventory with system and service provider name, location, contract term and status.

Privacy Impact Assessment (PIA) Overview

Creates the assessment designed to describe the processing of personal and sensitive personal information, assess its necessity and proportionality, and help manage the risks to individuals’ resulting from the processing of personal information, by assessing them and determining the measures to address them. PIAs are important tools for accountability, as they help an organization to demonstrate that appropriate measures have been taken to ensure compliance with regulation.

Prebuilt Template

Guides assessor through series of questions and required information. Includes screening questions, purpose, processing justification and individual’s rights. Provides toggles for applicable sections and questions, text boxes for answers and area to add / upload notes and files.

Step by Step Workflow

Contains required information areas for exclusion, “lite” and full assessment via screening questions. Provides contextual help text for each area of the assessment. Provides steps for reviewers and approvers.

Screening Questions

System provides eight item check list to determine if a PIA is exempt for the assessment. If user selects one or more of the checklist items, then the system documents the disposition and eliminates further assessment tasks.

Threshold Analysis

Includes ten threshold purpose questions and user can add their own purposes in addition. System automatically denotes required information and risk level to data subjects.

Project Board (Kanban)

See and select Privacy Impact Assessments as cards displayed by status. Status includes Draft, Review, Editing, Submitted and Complete. Ability to toggle on and off viewing of archived assessments. Each card displays Assessment Control Number, Due Date, Assessment Name and color-coded Risk Level.

Data Inventory Selection

Select the relevant personal data to the Assessment, including Department (if set up), Data Subject Type, Processing Purpose, Lawful Basis from drop-down lists created from the data mapping.

Assessment Roles

Assign roles of assessor, reviewer or approver. Process allows for multiple reviewers and approvers. Can select from existing users or create them on-the-fly.

Risk Analysis and Recommendations

System determines risk level of each assessment based on combination of selected thresholds and criteria. Enter risk, risk type, impact and likelihood. Risk levels include negligible, important and maximum. After the initial approval, a Risks tab will appear where you can detail each risk and how it's being mitigated. Before a PIA can be approved all risks must be individually documented, justified and approved.

Stakeholder and Regulator Reports

Download pdf of PIA details for internal stakeholders, customers and regulators. Includes organization contact and addresses, privacy officer, criteria for required PIA, relevance, processing, data in scope, risk, approval, owner, reviewers, approvers, reference number and status.

Privacy Management Governance Suite

Focused set of data protection and privacy documents as a starting point, including public and employee privacy notices, employee training, transborder information flows, acceptable use, data classification and labeling and data handling and more. Covers the essential governance documents of security measures, privacy notices, internal, optional to manage your document library.

Prebuilt Templates.

Tailor pre-loaded governance policies to your company’s operations.

Curated Library

Contains essential privacy and data management policies and guidance in creating and managing your program such as Working From Home, Best Practices, Data Classification, Data Handling, Data Privacy Policy, Acceptable Use, Data Breach Policy, Data Privacy and Security Awareness, Program and Announcements. Tracks status and updates of each policy and procedure.

Configure and Edit

Start with a policy template and update it or upload your own policy, standard, procedure, announcement or work instruction. Includes text editing features on the platform.

Create Document Repository and Resource Center

Start with pre-built governance documents and add / change as needed. Manage documents for your Data Privacy and Protection and your Governance, Risk and Compliance program.

Acknowledgement Tracking Built In

Communicate policies and procedures to employees, contractors and other stakeholders and get “Read and Accepted” confirmations.

Centralize Policy Development and Management 

Create, update, store and manage acknowledgements from one place.

Custom Documents

You can implement your entire governance documentation within the platform. Upload your own standards, policies, procedures, runbooks, etc.

Built-In Privacy Awareness Module

Includes training document you can assign to employees and contractors. Send out via email and track acknowledgement of completion and acceptance.

Built-In Information Security Instructions

Includes instructions within policy documents you can assign to employees and contractors. Send out via email and track acknowledgement of completion and acceptance.

Link to Privacy and Security LMS

Enter links for employees to access your existing training.

Getting Started Wizard

DataProtection DynamiX includes an organization set up wizard and on-boarding guide.

Employee On-Boarding Checklist

Confirm employee learning and understanding of data privacy practice and compliance through 10 key practices. Add your own additional checklist items.

Training Guides and other Documents

Create and distribute documents and track status, sent dates and employee acceptance dates.

Training Completion Logs

View, print or save as pdf. Training completion includes name, job title email address, overall status, and detailed status by training.

Individual Rights Management

Manage the lifecycle of data subject rights requests.

Prebuilt Configurable DSAR Web Form

Add your web domains and JavaScript widget to display DSAR form and ingest submissions. Customize request type, submission and download buttons.

Applicable Regulation Configuration

Customize forms to handle the data rights applicable to your organization’s jurisdictions. Options include Access / Copies, Rectification / Correction, Deletion / Erasure, Restrict Processing, Data Portability and Objection.

Multiple Language Support

Display and manage public-facing privacy notices and DSARs in English, Spanish, French, German, Dutch, Portuguese, Czech. Greek, and Lithuanian.

Link to Data Mapping for Data Subject Type

The individual identifies themselves as a data subject type, e.g., applicant, prospective customer, customer, employee, the platform displays the data map of personal and sensitive personal data held for that data subject type.

DSAR Register for Audit Trail and Reporting

View, print or save the DSAR requests as pdfs.

PDF DSAR Report

Download pdf of individual DSAR from the Project Board.

Unlimited DSAR Request Processing

You get unlimited DSAR request processing and can host the web form on multiple domains.

Automated Request Population

Text that individuals enter on the form appear in a DSAR work item in the DSAR module.

Automated DSAR Workflow

As you enter needed information, e.g., evaluating the request, verifying identity of the requestor, documenting tasks and fulfilling the request, the platform automatically updates status and moves the DSAR to the next step in the sequence. If at any step, the evaluation indicates that DSAR is either invalid or not possible to fulfill, the platform will indicate the disposition and reject the request.

Project Board (Kanban)

See each DSAR as a card with status of received, in progress, complete or rejected. Cards display control number, Requestor, due date, assignment, and DSAR type. You can download the DSAR from the Project Board.

Document Upload

Upload and attach one or more documents or files to the DSAR. The requestor or the privacy person processing the DSAR may upload documents.

Email Integration and Notifications

Once requester has submitted their DSAR form, the system sends an email automated response with the completed request form and your organization’s privacy notice.

Data Subject Notifications 

System creates data subject notifications automatically via pdf that you can send via email. The notification contains the company contact information, description of the incident, potential impact to the data subject and the measures taken to contain the incident.

Data Authority Notifications

Automatically creates letter to data authority / regulator with contact information, incident details, risk assessment, mitigation measures, data subject types impacted and number of data subjects impacted.

Breach Workflow Management

Incident management contains analysis questions to determine if a personal data breach has occurred. If so, the platform automatically produces the data subject and regulator notifications and houses the risk analysis and mitigation steps.

Incident Detail

View or download PDF of incident details, including elements pertaining to personal data breach.

Dashboards

Click on Dashboard menu to display compliance, risk, data mapping, privacy impact assessments, data breach, stakeholder communications, service providers and data sharing, data subject access requests and tasks. Dashboards include summary and detail drill downs. Color-coded with counts and percentages. Service providers are displayed by location via map.

Automatic Personal Data Inventory and Records of Processing Activities (ROPA)

When you build or update your security measures, data map or your service providers, the system automatically updates the inventory and ROPA with department, data subject, business process, lawful basis, personal and sensitive personal data category, and security measures. For third parties / service providers, the systems updates the inventory report and items within modules, including processing category, processor name, location, service providers, country, and legal basis.

Real-time Compliance Status Summary by Risk and Task

 In the Compliance Monitor module, select one of more section, tasks, status and compliance areas and click load report to get a real-time summary and associated detail. Select areas from Employee Personal Data Management, Information Security, Response and Privacy by Design (PbD), Business Environment and Governance, Data Management and People, and any custom compliance checklists you have created.

Exports

After you select your reporting areas, download your report in either PDF or MS-Excel formats.

Data Map by Location

Service Providers and Sharing dashboard displays service providers and data controllers with whom your organization shares personal data on a geographic map. Hover over the country to display number of processors and data sharing by country. Also shows completion status of required service providers’ and sharing parties’ data privacy information within your privacy compliance.

Data Map Export

When visualize is clicked, data map displays as a visual data map for data inventory and collection sources. Downloadable in SVG or PNG formats.

Select Compliance, Governance and Task Areas for Reporting

Select one or more areas to display or download in pdf or MS-Excel formats. Areas include Organization Features and Setup, Data Mapping, Governance, Stakeholders, Compliance, Service Providers, Data Sharing, Tasks, and Status.

Display and Download Items by Task Owner

Filter by review due date, show overdue reviews and select one, several or all statuses, and notes.

Report Items with Data and Time Stamp for Audit Control and Evidence

Every entry into the system is date and time stamped with your user ID.

Real-time Compliance Status Detail

In the Compliance Monitor, you may select notes to report on compliance item details.