The General Data Protection Regulation (GDPR) is in place and has greatly extended the rights of affected persons with regards to the usage of their personal data throughout Europe. This includes the right to obtain information about the personal data collected by the company - even if no data has been stored (negative information). The processing of the request is subject to the processing and acceleration provisions of Art. 12 para. 3 and 4 GDPR: As a rule, the request must be answered within one month. Depending on the number of requests or their complexity, an extension of the deadline may be requested. This sets a tight deadline that requires thorough preparation and organization of internal processes.
Solution Template: GDPR
Semi-automated data provision according to GDPR
The JobRouter® "GDPR" Solution Template makes it possible to process requests for data inspection and data deletion quickly, traceably and clearly through a semi-automated process. In the first step, the systems and applications used in the company are collected and assigned to persons responsible for checking the system for incoming data queries. Furthermore, a data protection officer must be appointed, who is available as a contact person and who manages all requests. This clearly defines the individual roles and duties of each employee, the rest is automatically queried and processed by the process.
This enables companies to quickly integrate a workflow that is initiated externally - for example, by a form or a button on the website. Once the requester has been uniquely authenticated, the process enables the request to be forwarded to all responsible employees by a workflow and can be processed immediately through their inbox.
Advantages of automated data provision
- tasks are distributed according to authorization rules
- clear traceability & security
- higher transparency & control
- clear data management rules
- better structure for internal workflows
- improved customer satisfaction
- lower costs for manual tasks
- lower risk of inefficiencies
With the JobRouter® "GDPR" Solution Template you can reliably manage all requests for data inspection or data deletion and always work in compliance with GDPR! The template is installed in a few hours, configured and ready for use within a blink of an eye! Additional adjustments are of course possible at any time.
What's in the GDPR Template?
In total, there are three ways to start the process and process the query:
- directly from JobRouter® via the start step
- sent by e-mail to a monitored mailbox
- via a public link to launch the application
This allows companies to quickly integrate a workflow that is initiated from outside, such as a form or a button on the website.
Make a request
The applicant's personal details (surname, first name, e-mail address) are collected via a form. These are necessary in order to assign the order and to be able to carry out a verification before processing the request. Once the applicant has been uniquely authenticated using a link in the confirmation e-mail, the request is forwarded to all responsible employees via a workflow for viewing the data.
Check request (processor)
The person responsible then checks in the corresponding system/application whether personal data relating to the applicant are available and enters them directly in the dialogue field.
The process combines all the information in a table. This table contains all information about the systems and the responsible employees, as well as the comments of the respective employees with explanatory information about the requested personal data.
Check request (Data Protection Officer)
These are checked again by the data protection officer and can be extended with a final comment on the request if necessary. The applicant will then receive an e-mail with all the information as a PDF attachment.
Request deletion of personal data
The request is now closed or can be directly retriggered by a follow-up request for data deletion via a link in the e-mail. The data protection officer then receives the table again and can order data deletion. This action is documented by a further comment field.