If you want to go even further with your GDPR compliance strategy, come and discover the training, auditing, support and outsourced DPO services available from Versusconsulting.
Does this mean that the platform contains users’ personal data?
If you choose double opt-in (consent confirmation by e-mail), the user’s e-mail address is stored on the platform. As this constitutes personal data, the rules of the GDPR (especially those concerning information security) apply.
How is the tool secured?
Depending on the options you choose, a range of different security measures can be applied. In the basic version, the platform complies with the security requirements enacted by the GDPR. To comply with other regulations or your own IS security policy, other options may be added on.
Where are the data stored?
The entry and consent register data are stored and secured in various data centres in Germany. Back-ups are also secured in German data centres.
How do I build a connector to the platform?
To facilitate integration into the information system, the platform is built around an ESB. This is made by WSO2 and already features a number of connectors (DXcare, GED, CRM, ERP, Salesforce, Sitecore, PrestaShop, WordPress, Drupal, Magento, etc.). It is, however, possible to develop a personalised connector, allowing the platform to be connected to any existing solution. This can be developed by Versusmind, another service provider or by the client’s own teams if they have the necessary development skills.
Can the end user directly manage their own entries and/or consent?
Not directly. The person concerned must use an application provided by the organisation in order to interact with the platform. This application must be connected to the platform via connectors developed for it. Alternatively, if a request comes in by e-mail for example, a platform administrator or the DPO can withdraw the consent manually.
Is it a collaborative tool (can several users manage data entries)?
The platform can be used by several different users (DPO and data entry managers, for example). If necessary, the access privileges of the various users can be set at an individual level.
I am an end user, and I’ve decided that I no longer consent. How is consent updated?
Aside from the administration interface, the platform provides an API which lets you withdraw consent. Since the organisation's application can interact with the person concerned, they can use it to withdraw consent through the platform.
How much does it cost?
The platform is covered by an annual subscription fee, based on the number of consents to be managed. An initial estimate is made for invoicing purposes, which is then revised upwards or downwards depending on the number of consents actually recorded on the platform. If the client wishes to use the API to automate consent management, the integration and connector development costs will need to be included from the beginning.
If my company decides to sign up to this platform, will we comply with the GDPR regulations?
The platform alone can’t guarantee total compliance with the GDPR regulations, as these impose organisational measures and operational procedures. However, it does cover two major aspects of compliance: the data entry register and consent management.
On what level is it reversible? If I sign up and, after a while, I want to leave the service, how can I recover my consents?
When you terminate your contract with us, we’ll send you all of your data entries and consents in a standard format.
How can I prove that consent has (or hasn’t) been received, and extract this proof from the platform?
Each consent is signed by a certification authority (PKI) and time-stamped in order to guarantee its integrity and prove the time and date it was given. This guarantees the authenticity of the data, and these items can be exported and attached to the consent in the event of an inspection (article 7 of the GDPR).
Is it mandatory to keep this kind of register?
Yes, this is a legal obligation for companies with more than 250 employees or for sensitive data entries (recital n°82 and article 30 - GDPR).
How can keeping this kind of register improve my compliance?
The GDPR requires companies and organisations to demonstrate that they are adhering to the personal data protection regulations. The register allows you to demonstrate this, in particular thanks to the information it contains, such as the purpose of any data entry and the retention period (recital n°74 and article 24 - GDPR).
What kind of information can I enter into the platform?
The platform allows you to meet the requirements of the GDPR and, in particular, enter the following: the name and contact details of the data entry manager (and their DPO if necessary), the purpose of the data entry, a description of the people concerned, the category of data concerned and even the recipients of these data (in particular if the data will be transferred to third countries) - article 30 GDPR.