One of the goals of the SBC Management System is to enable management to comply with the accountability obligation from the European General Data Protection Regulation (article 5.2 GDPR).
Comply with GDPR accountability
Compliance with accountability requires a system in which the following information is systematically recorded:
- The register of processing operations, which also includes the business processes and supporting information systems, provides an overview and insight into the area of responsibility of the controller/processor;
- The incident and data leak register indicates the robustness of the internal control in business processes and the corrective capacity of the organization;
- The register of investigations aimed at processing operations, business processes, information systems, and processing or data exchange agreements gives an impression of compliance with legal and contractual obligations and company policy;
- The register of requests from the data subject provides insight into the nature and scope of the requests and the manner in which the requests are processed;
- The company data and an unchangeable log of all changes in the management systems of the SBC Management System and learning environment. Conclusive logging gives an impression of the compliance activities carried out and of the awareness and training programs during the year; and
- The system is linked to a learning environment. A company uses this learning environment to organize awareness and knowledge among management and employees, which are necessary for organizing privacy and information security.
Protecting data and building information security requires a change in behavior on the part of management and employees. A change in behavior only takes place if there is awareness and knowledge building. The user of the SBC Management System plans the activities to be performed and manages the intended results and milestones.
The SBC Management System and learning environment are made for companies that want to comply with legal and contractual privacy and security obligations. The registers help the management to comply with the legal accountability of Article 5.2 GDPR. The SBC Management System and the learning environment are therefore essential ingredients to meet the minimum requirements of the GDPR in a cost-efficient manner.
Need more than minimal functionality
The functionality of the SBC Management System and the learning environment may be insufficient for a business organization to meet the legal requirements of privacy and information security. For example, it may be necessary for the organization of business activities to process special personal data or to process personal data outside the EU. For all these situations it may be necessary to expand the functionality of the SBC Management System and/or the learning environment.
If a company needs additional functionalities, we are happy to investigate how the SBC Management System can meet these additional requirements and when the potential user of the system will have access to these functionalities. We request that you contact the service desk.
How can the management system facilitate the Data Protection Officer?
Many companies do not use the services of Data Protection Officers (DPO), while other companies do. We also see internal and external DPOs who are sometimes supported by privacy officers. When developing the SBC Management System and the learning environment, we explicitly assumed the role of DPO.
Sometimes the DPO only fulfills the role of supervisor, but often the DPO is a cooperative foreman who ensures an adequate level of data protection. It happens that employees fulfill the role of DPO together with other roles. The fulfillment of the role of DPO depends on the nature and scope of the business activities and available budgets.
The use of the SBC Management System and learning environment gives the company management the opportunity to clearly formulate the DPO’s job description and to systematically record the results of the work. This allows a DPO to be deployed effectively and cost-efficiently.
An external DPO often takes care of the role of DPO for several business organizations. He or she has his or her own environment within the SBC Management System. This allows him or her to manage his or her own portfolio of companies where the DPO is appointed. In this way, the DPO can effectively carry out planned work and adequately respond to incidents/data leaks or requests from data subjects at companies without incurring “changeover costs”. In other words, the DPO functions a lot more effectively and efficiently.
The SBC Management System and the learning environment support companies in organizing privacy and information security effectively and cost-efficiently. We use a minimal functional design of the service that can be expanded if desired.
We recognize that appointing a DPO is costly. Optimizing the deployment of a DPO plus privacy and security organization with the help of the SBC Management and learning environment leads to well-filled registers that reduce the liability and cost risks of supervision of the AP and others, as well as operational costs.
We understand that interest has been aroused. That is why we are organizing several information meetings with our partners this year. Of course you can also request a demo directly via this link. Would you prefer personal contact or a direct quote without obligation? Feel free to contact us via this link.