In this getting started page we describe the activities that will give you a flying start with the application of the SBC Management System.
All our demos and manuals are filled with fictional information. The system works the same way, only with different content. Any resemblance between the fictitious information and actual data is purely coincidental. For the ‘getting started’ explanation, we use the ‘10 steps prepared for the AVG’ of the Dutch Data Protection Authority (AVG is the Dutch abbreviation for the GDPR).
Once you have followed these steps, we recommend that you consult the page ‘expansion, awareness and training’. It is the follow-up once you have implemented the steps below in your organization.
Step 1 ‘installation and dashboard’
Log in with your username and password. The URL is app.sbrpowerhouse.nl. After logging in, the main screen appears. From here you can navigate to activities in the management system, such as your company, the checklists, the audit log, etc.
Step 2 ‘Setting up your company’
Set up or complete your company details, such as the company name, Chamber of Commerce, address and website. If applicable, enter the relationships your company has, such as the data subjects, investigations, processing operations, etc.
Step 3 ‘creating awareness’
Set up your learning environment to ensure that relevant employees in your company are aware of the GDPR and related legislation. Employees must assess the impact of the GDPR on current processes, services and goods, and determine what adjustments are needed to comply with the GDPR.
Step 4 ‘rights of data subjects’
Map out all those involved inside and outside your company. Under the GDPR, people (data subjects) have more rights, such as data portability and the right to inspect, correct and delete data. It is therefore important to have a complete overview of your stakeholders. Of course this is not a snapshot, but a continuous process of adding, adjusting and removing.
Step 5 ‘overview of processing operations and information systems’
It is important to map out all your data processing operations. Document in the SBC Management System which personal data you process and for what purpose, where this data comes from and with whom you share this data.
It is also important to map and maintain the information systems when making an inventory of your processing operations.
Step 6 ‘investigate’
Under the GDPR, you are required to perform a data protection impact assessment (DPIA) if an intended data processing operation is likely to entail a high privacy risk. The investigations, results and findings of privacy by design and by default can also be documented in the management system under ‘investigations’. You can then link these investigations to multiple processing operations, contracts, data subjects, data leaks, etc.
Step 7 ‘obligation to report data breaches’
The GDPR sets strict requirements for registering data leaks that have occurred in your own company. With the SBC Management System you document these data leaks and link them to a processing operation, an information system and/or a data subject.
If you follow the steps above you will be well on your way to complying with the rules of privacy and information security. It goes without saying that keeping the “accounting” up to date remains a challenge. We understand that completing and maintaining the management system is a continuous activity. That is why our partners are happy to help you with advice, support and training.
Recording relevant data in the SBC Management System provides the privacy team, possibly supplemented by the Data Protection Officer (DPO), with an overview of and insight into the processing operations to be controlled. The system records all changes in a log, which makes it possible to convince accountants, IT auditors and the supervisor that control measures have been taken. The SBC Management System also provides a resource for management to meet legal accountability and enables oversight for the DPO.
Questions? Feel free to contact us.