Being a large technology and service provider and hosting large volumes of client data, the company provides service desk solutions and develops custom-tailored and innovative data management technologies and applications.
Third party due diligence is an important part of our business and a requirement of data protection compliance. We need to assure that we are ethically engaging with companies that also respect people’s personal data. ROBUS facilitated the build and scale of our third-party management policy and streamlined our vendor lifecycle.
The adoption of the GDPR has significantly affected the way business is conducted in the highly developed digital environment, where customer management is one of the most important functions. Whether a company provides mobile apps, software as a service (SaaS), infrastructure, on-premises technology, or simply software, it must comply with the regulations to protect client data, reputation, and the data clients work with.
The GDPR policy affects all kinds of enterprises and organisations that do business with clients irrespective of their quantity, geographical location, and data management systems. The GDPR imposes critical requirements on tech companies as well as those involved in personal data processing and collection. The regulation ensures that tech companies monitor the type of personal data they collect from their users and the way they use it. In 2021, many major tech companies had to pay high fines due to non-compliance with the GDPR rules. Therefore, there is a demand for systems that can mitigate such kinds of risks and guide companies on the rules and standards that they should follow to be GDPR compliant.
GDPR compliance for tech companies means not only accurate client data processing but also data protection.
Under Article 33 of the GDPR, in case of a personal data breach, the company in the person of an authorised controller shall, without undue delay and not later than 72 hours after having become aware of it, notify the supervisory authority of the personal data breach, unless it is unlikely to result in a risk to the rights and freedoms of individuals.
DPIAs are required if data processing activities of an organisation could pose a risk to the rights and freedoms of individuals.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Under this rule, customers may easily copy or transfer personal data from one IT environment to another, meaning that tech companies must regularly update the information on data availability, location, and scope.
Organisations should be able to identify all personal data storage locations of company staff, clients, vendors, and partners, which may require tracking each record that involves data from different sources such as business correspondence and analysing CRM, customer support, and marketing systems, including cloud services.
Every organisation should take the effect of the GDPR on tech companies seriously and review and document its data handling and collection procedures. The regulation is constantly extending the rights of individuals to data privacy.
The industry involves many activities that require sharing of customer personal data. For example, when customers shop online, they expect their data to be handled accurately and with a high level of security. In their turn, companies that collect data from customers process and use this information for a certain period of time. In accordance with the GDPR, companies do not own this data and can hold it temporarily.
Customers may request the information they provided at any time. They also have the right to check if the data they provided is not damaged and may forbid sharing it with third parties, including partners of a company. Customers may also ask companies to destroy the information as data subjects that have complete rights to personal information.
Biometrics as identifiers for financial transactions
Right to be forgotten
Communicating a security breach
As the company employs many independent contractors that use their own equipment, software, and methods, there is a challenge of centralising and rationalising a common approach to data processing and assigning information governance accountabilities across the organisation.
Many services offered by the company involve the development of cutting-edge technologies, such as artificial intelligence and machine learning. As a result, most data processing is at high risk in terms of the data protection legislation and therefore requires Data Protection Impact Assessments to be carried out regularly.
As a technology company that uses customer data for the analysis of technologies, methodologies, and efficiency of features, the organisation needs clear tracking of all the stored data and must be able to react instantly in case of any changes.
Within ROBUS, all the information you must collect on a third party is identified, stored, and kept up to date in real time.
The Vendor is linked to all the data assets where they process data on our behalf and where that data is located. Previous DPIAs also link to the vendor record, and if ever there is a third-party data breach, this complete record in ROBUS allows us to immediately assess the risks to our organisation and apply the pre-planned mitigations.
DPIAs are no longer a burdensome task, as ROBUS provides online guided and dynamic assessments together with a risk identification and management system for risk mitigation according to the GDPR standards from the start. Besides, an easy-to-use interface makes managing and tracking processes much easier. Now data sharing is not only recorded but also risk assessed and assured by ROBUS software following the legal basis.
Before ROBUS, the completion of a concise data protection impact assessment was time-consuming and difficult to manage. There were many versions of the one document, and the information it contained, due to one person being responsible for its completion, could be inaccurate or misunderstood. As ROBUS is built for the relevant teams to collaborate on a DPIA, it pulls quality information. Our asset register is completed by our technical team and our supplier management by procurement, and the business process owner completes our record of processing register; then you just link the correctly sourced quality information to the DPIA.
It is very important for us to show our customers that we care about them by being compliant with their privacy rights, and with ROBUS it became possible, because when it comes to the GDPR, it is all about ROBUS!
We have harnessed the power of ROBUS to document a diverse range of processing activities and service providers aiming to provide comprehensive risk management.
ROBUS gives us the confidence to know that all our data protection liabilities are covered in one system. This helps us save time because we can avoid navigating through unnecessary information and focus on what really matters. In our industry, innovative uses of data are the norm, so we need to be ahead of the game and ROBUS allows us to deliver to clients without compromising our privacy obligations.
GDPR compliance enables us to pay close attention to how we source our data. With close monitoring, we can be certain the information we receive comes from real, authentic customers; this helps us drive our business results.
The control of potential data breach risks enhances our reputation as a brand and helps to retain existing and attract new users.
ROBUS uses Azure technologies that allow combining modern cloud solutions and reliable local networks. The application is compatible with Microsoft 365, including the compliance centre that makes operations within the system easy and intelligible for all users.
The ROBUS interface is available in German, Italian, French, and more than 100 other languages, so your team members do not need to speak English to work with the programme.
The ROBUS subscription provides access to the onboarding training so that your team can quickly learn how to work with the system, its capabilities, analytical dashboards, and requirements. ROBUS follows a customer-focused approach, so each company is treated individually.
Only £10K a year and no more ‘hidden’ costs. Prices are transparent and clear; you can plan your budget once a year without constant changes and alignments.