Personal data protection management system
The application organizes, automates and supports processes related to personal data protection (GDPR)
RIG GDPR Module
Supports meeting GDPR requirements by obtaining and maintaining registers
Record of Processing Activities (RoPA)
This functionality allows you to build a record of processing activities:
- Fully compliant with applicable regulations and with the guidelines of the Polish Data Protection Authority (UODO)
- Built on dictionaries shared across multiple areas of the application, which standardizes entries and speeds up your work
- Enables you to demonstrate which company assets are used in each processing activity
- Includes a system that automatically populates technical and organizational security measures by linking them to assets
- Includes a system that automatically populates data such as processors, categories of recipients, third countries, and safeguards for transfers outside the EEA — based on relationships defined in the dictionaries
General Risk Assessment
This module fulfills the requirements of Articles 24 and 32 of the GDPR. It is the most highly automated functionality in the system, enabling you to map all processing activities against their associated threats through the supporting assets (resources) involved. This structure, presented as a table, generates a row for each threat–supporting asset–processing activity combination and allows you to:
- Identify asset owners and risk owners
- Define asset vulnerabilities that may contribute to the materialization of threats, and indicate the safeguards in place that can counter those threats
- Assess the likelihood of a threat materializing and of data losing a specific security attribute: confidentiality, integrity, availability, or lawfulness
- Estimate the risk level based on the likelihood assessment and on the severity of impact on data subjects, derived for each processing activity in a separate panel
- Develop a detailed risk treatment plan for individual threats, assets, or activities — including the option to assign a single plan to multiple combinations
- Forecast the impact of the risk treatment plan on the risk level from the initial assessment
- Evaluate the need to conduct a Data Protection Impact Assessment (DPIA) based on the risk assessment results
Thanks to the bulk edit feature, each of the operations above can be performed on hundreds of records at once.
Data Protection Impact Assessment (DPIA)
This functionality allows you to carry out a full Data Protection Impact Assessment by:
- Assessing whether there are grounds requiring or exempting you from the obligation to conduct a DPIA
- Evaluating the likelihood of a high risk to the rights and freedoms of natural persons
- Gathering all the information required to complete the assessment:
  - A description of the envisaged processing operations
  - An assessment of necessity and proportionality
  - An assessment of the risks to the rights and freedoms of data subjects
  - A description of the measures envisaged to address those risks
  - Documentation of any consultations, including consultations with the supervisory authority
Record of Categories of Processing Activities
This functionality enables you to build a record of categories of processing activities that is fully compliant with the requirements of the Polish Data Protection Authority (UODO), in which your organization documents activities carried out on behalf of other entities. The module allows you to define a category once and reuse it across multiple controllers (when a service of the same scope is provided to several entities).
Authorizations Register
This functionality enables you to instantly generate print-ready authorization documents for the processing of personal data.
- The module leverages the link between authorizations, processing activities, and the scope of data processed within them
- Includes flexible mechanisms that streamline the creation of new authorizations based on previously defined templates
- Full control over the validity of authorizations, thanks to integration with the Record of Processing Activities and a built-in status system
Legitimate Interests Assessments
This functionality enables you to evaluate and document whether the legitimate interests of the controller or a third party — as referred to in Article 6(1)(f) of the GDPR — can serve as the legal basis for a given processing activity. In line with regulatory guidelines, the assessment is carried out through:
- The Purpose Test
- The Necessity Test
- The Balancing Test
- A full assessment report
Data Processing Agreements Register / Joint Controller Arrangements Register
Functionalities that allow you to:
- Record data processing agreements
- Conduct processor due diligence
- Store copies, scans, and drafts of agreements
- Record, archive, and oversee arrangements between joint controllers
Document Repository / RIG Document Repository
These functionalities allow you to:
- Store and catalog policies, procedures, templates, and any other company documents related to personal data protection
- Use document templates prepared by RED INTO GREEN
Incidents and Breaches Register
This functionality allows you to:
- Assess an event and qualify it as a security incident or a personal data breach
- Conduct a risk assessment in the event of a personal data breach and determine the recommended course of action regarding notification to the supervisory authority, the controller, and the data subjects
- Assess breach risk using two methodologies — ENISA and DAPR
- Automatically prepare the notification to the supervisory authority, the communication to the data controller, and the communication to the data subjects, all within the RIG assessment form
- Record security incidents and personal data breaches
- Store all documentation related to the incident or breach
Data Subject Rights Register
This functionality allows you to:
- Record and classify requests from data subjects
- Monitor timely fulfillment of requests — when a new request is added, the applicable response deadline is assigned automatically
- Compare individual requests against one another
- Store all documents related to a request, including scans, response content, and more
Personal Data Disclosures Register
This functionality allows you to:
- Record all disclosures of personal data made by the organization
- Classify the type of recipient and log the categories of data and the volume of datasets disclosed
- Store documents that establish the legal basis for the disclosure — e.g., requests, agreements
DPO Logbook
This functionality allows you to:
- Maintain a detailed record of activities carried out as part of the Data Protection Officer’s duties, ensuring full accountability
- Store documents that evidence completed activities
- Plan upcoming DPO activities
- Collect information on completed trainings, audits, and recommendations issued — together with the ability to store all related documentation
Reports
This functionality allows you to:
- Export consolidated data summaries as .xlsx files from all key functionalities in the application — for archiving or audit purposes
- Generate clear, easy-to-read reports that reveal the processes, assets, and threats producing the highest risk levels in the organization. The reports also support the development of effective treatment plans
- Build reports that enable an analytical view of business processes — helping to identify and assess threats and to inform management decisions
- Produce reports in a clear, print-ready format suitable for presenting to senior management as heat maps
- Use extended reports featuring analytical threat maps that enable in-depth drill-down analysis
- Generate a report showing the distribution of risks across organizational units
- Easily browse risks by any criteria using pivot tables (e.g., checking which processing activities would be affected by a company server outage)
Comprehensive Help Center
An extensive collection of over 300 articles covering every module in the application — serving not only as a guide to how each functionality works, but also as a reference for the underlying methodology and a valuable knowledge base on the principles of personal data protection. The Help Center acts as a platform for the extensive know-how that DAPR sp. z o.o. shares with its users. Each article walks the user through a functionality step by step, while also providing the substantive rationale behind it — which is essential from an accountability perspective.
If you want to learn more about the product, get details about the subscription, price, access or have other questions, please register!
FAQ
How does the RED INTO GREEN methodology support the Data Protection Officer?
- The DPO sees the results of the risk analysis in the form of clear reports.
- High degree of work automation (the system saves many hours of work while increasing the quality of the analysis carried out).
- The DPO works in an Excel-like environment
- Possibility for multiple data entry
- Logical, transparent methodology for carrying out a risk analysis under the GDPR, including risk estimation and impact assessment (DPIA).
- Intuitive handling of processing activity logs functionally linked to risk analysis.
- Reports that enable prioritisation of tasks assigned to relevant functions, including the Data Protection Officer.
- Full factual justification for each Module of the application.
What do the RIG GDPR reports provide? Are registers alone not enough?
The registers alone and the other Modules necessary to be compliant with the requirements of the GDPR are enough for us, but… Since we have already gone to so much trouble, devoted the time of several or a dozen people to gather information about the processes taking place in the company, activities to…. We have virtually complete data on the IT infrastructure, technical security and much other valuable information. Why not use them in an even more productive way? Give the information to decision-makers in an aggregated way, use it to improve the organization, support its development? And, at times, prevent a slip-up due, for example, to a lack of some simple security feature? Or perhaps to improve a process? All the data you need for this is in the reports. All you need to do is look at them or think about what other report your organization could ‘use’. We will put it together for you.
How long does it take to implement the RIG GDPR Module?
From as early as 1 week after signing the contract, the customer can be fully operational with the RIG GDPR Module.
D+0 – signing the contract, defining system users.
D+1 – launching a new instance, configuring user accounts (actual time depends on the involvement of the Client’s IT department; statistically, the workload is completed in less than 4 hours).
D+2/D+3 – user training (1-2 days).
D+3/D+4 – the Client starts working in the application, with constant availability of technical and substantive support from RED INTO GREEN.
How does RIG make the work of the Data Protection Officer easier?
To make the work easier and allow most of it to be done by people who are not professionally involved with GDPR, we use a system of hints at each stage of work with the application. The hints explain why the activity is being performed (which legal provisions it fulfills) and how to perform it correctly. We want the application to relieve DPOs and allow the data needed for risk analysis to be entered by the specialists who look after the relevant areas of the company's activity on a daily basis.