GDPR stipulates that you need to implement Technical and Organisational security measures. You can only do this by first Discovering what you have and then Assessing it.
Assess guides you through assessments of third parties, systems and locations where you store physical documents, and then finally lets you assess your processing activities.
Risks are then identified, documented and assessed as part of a Data Protection Impact Assessment (DPIA), a key mandatory requirement of GDPR.
As you enter your Processing Activities, a map is created of all Data Flows, Systems, Companies and Data Types that are used as part of the process. This information can then be visualised and queried further to give a clearer picture of your process.
Risks are then generated based on the information that you've entered.
3rd Party Assessments
A review of each 3rd Party Company, focussing on the Certifications they hold, the Organisational measures they have taken to meet the requirements of GDPR, and the Security they have in place.
You will also be able to see all data received from and sent to each third party company, and which Systems and Storage Locations they own.
Each IT System, Electronic and Paper Document will be assessed according to the type of system it is. Areas such as Security, Encryption, Business Risk, Auditing & Connectivity are all considered.
Results will be combined with the knowledge of what data is processed within each system to produce risks that can be reviewed later.
Physical Storage Locations
Much like IT Systems, Storage Locations will be assessed against criteria such as Security, Accessibility, Vulnerabilities etc.