GDPR Personal Data Incident Management System

What is it?

The Personal Data incident Management system is a MS-Access based tool which provides a secure way to create, track, share, report and manage personal data incidents records in a consistent and auditable way allowing you to comply with privacy laws like GDPR and frameworks like NIST.

Essentially, it’s a fully secure way of tracking and reporting on your incidents which gives you the information you need quickly for personal data incidents for your own use or to provide to government agencies, assessors or auditors who might need to see proof of an effective personal data breach management process is in place.

The system uses highly detailed data entry forms, report options, reports and queries to give you complete control over every aspect of personal data incident management. It includes sample incident records as a model to get you started quickly and the ability to, print, export to PDF and email records which is essentially often only available in expensive software packages.

The system can be used with many privacy frameworks and has a very useful metrics dashboard which gives you useful KPI reports for ITSM. These reports include open and closed incidents by period and assignee giving you a breakdown by whose done what.

It also features various security access levels, encryption and lockdown features which ensure the confidentiality of sensitive data that it stores on the backend.

What problem is it trying to solve?

Personal data breaches are costing companies millions in fines and lost business through largely avoidable mistakes. Data protection authorities are coming down hard on businesses who are taking documentation risks using excel or word documents to track incidents which are insecure and missing the details that are required by authorities and auditors.
For those organizations documenting incidents using systems like Jira, Service Now and Remedy, they are not designed to deal with personal data incident management which often stores very sensitive nature which needs to isolated properly from ITSM tickets.

In addition the above methods offer little in the way of appropriate business intelligence, useful reporting functionality or methods to ensure data entry is secure, accurate and complete. This means that PII record-keeping is much more likely to trigger an issue in the case of a breach or legal case when regulatory authority investigations are underway.
A sound method is required to handle data entry consistently every time with some level of tracking and reporting so you can identify gaps and overdue tasks.

Who is this system designed for?

This system is particularly useful for organizations without a large budget for software solutions but who need to demonstrate compliance to appropriate authorites in any jurisdiction where they control or process PII / NPI.

Can I Book a Product Demo?

Yes, of course. Use the contact us page to request one. Please indicate best times and timezone.

What are some of the key features?

• This system is suitable for most data privacy laws that require a personal data notification and handling process for PII / NPI / ePHI.
• Highly secure system with Admin, Editor and Reviewer (RO) access levels with a convenient registration system to give you granular control over who can do what.
• Form based entry with timestamping, CTI (PII Category, Type, Item) drop-downs for PII types, severity levels, incident assignees etc.
• User registration system for managing users, changing passwords etc
• Alignment to requirements from most jurisdictions for breach reporting requirements, so that you can quickly produce reports etc.
• Includes quick methods of record retrieval, pre-formatted printing, saving, secure sharing and editing functions which are commonly found in expensive systems.
• Includes a set of pre-built sample records with sample categories and other record data which allows you to familiarize yourself with the process.
• Includes a KPI metrics dashboard showing no of records assigned to each system user activity, no of records opened and closed YTD and in the current quarter.
• It includes summary and detailed incident print-ready reports along with a report for system user membership so you can control who has access.
• It has an Admin Console area for tasks such as backing up database, encrypting database and exporting it to SQL.
• It also includes a support form to reach us, if you have any questions.

WHAT ABOUT SYSTEM SECURITY?

This system has an option to encrypt the database with a strong password and 3 levels of login security for Admin, Editor and Review role. The downloadable user guide contains further instruction on ‘Database Splitting’ which restricts access further to the Front End.
The system is locked down interally from accessibility to tables, queries and menus based on role.

WHAT’S INCLUDED IN THE DOWNLOAD?

You get a MS-Access Database file in the latest .accdb format.
A user guide showing initial setup and information on secure sharing for other team members.
A sample breach notification document (useful as a template in case you do have to notify customers of a data breach)

WHAT ABOUT PRODUCT SUPPORT?

There is a support form included in the product should you run into any issues. Refunds are limited to issues that cannot be fixed within a reasonable amount of time. Please see our policy here.

ABOUT THIS PRODUCTS DEVELOPMENT

This product was designed over a period of 350 hours which involved UX, coding, testing and peer review.

ACCESS SOLUTIONS

MS-Access is a powerful platform that offers many of the features that you see in enterprise products but at a fraction of the price. For budget concious organizations, it can be an excellent choice to build privacy and security tools such as this one and other compliance record-keeping apps. Consider DPO solutions for your next compliance project when quality and price is important to you at [email protected]

Thank you for visiting us.

Find us on YouTube at https://www.youtube.com/channel/UCNMDGbIydcw2OIJ3qcVOFGw/
or @dposolutions.privacy