A new software system is always a learning experience. We have done our best to support you with this process. Here we would like to introduce you to the wording of the Data Protection Management System.
The DPMS is build around different modules. The most important are:
- 3rd Party Management
- Case Management
The Frontend allows the company to offer a form to every stakeholder group which might interact with the DPMS. For example if a customer requests his information this would be mostly done by a form on the webpage. This form is created by the DPMS and is called a "Frontend" as it is facing the various different stakeholders.
Why do we need this?
If you have different stakeholders which you want to show a different design of the frontend or you need different input variables or lastly if you have different requirements regarding the authorization of the stakeholder. For example: You want to show customers a different form than for example your employees or your suppliers. Mostly employees have other means of authorization such as LDAP or Single-Sign on. Customers on the other hand usually have a user login or no login, which makes the use of MTAN or other options necessary.
The Workflow is at the heart of the DPMS. It determines the process in which data is extracted from the data sources as well as the classification of the data. You also set if Data Subject Access Requests should be approved manually or if you want to use Straight Trough Processing (STP).
The 3rd Party Management
The 3rd Party Management allows you to manage all data processors for your company in one place. The GDPR requires you to have Data Processing Agreements with all your data processors as well as having a legal basis for transfer of information to the data processor.
All this can be done wiithin the 3rd Party Management.
If you process Data Subject Access Requests, you will have to manage the requests. In the DPMS requests are called cases. Our case management allows you to edit cases, create reports and handle errors (for example if your data source is unavailable). Also if you conduct a manual identification, your support agents will approve the data and confirm the correct identification of the requestee.