The DEFeND consortium, formed with funding from the European Commission under the Horizon 2020 program, has developed innovative data privacy governance software to empower organizations in different sectors to assess and comply with the GDPR.
The Consortium includes 10 partners from 8 EU Countries:
The main dashboard of the DEFeND platform includes 12 themes that help address specific articles of the GDPR. Each theme is connected to one or more DEFeND services.
- Developing a GDPR privacy plan: to address an important challenge for organizations that aim to achieve GDPR compliance, by conducting an assessment of the organization’s readiness in relation to various GDPR requirements. Based on the results, it supports the development of an Action Plan to improve the maturity level and to maintain the Record of Processing Activities;
- Create a Third-party management program: to support managing the organization's risks posed by third parties and to create policies and processes that help to ensure third parties' compliance;
- Managing Rights of Data Subjects: to assist organizations in creating policies and processes to respond to requests made by individuals – supporting data subjects' rights to information, access, rectification, restriction, objection, erasure, and portability;
- Managing privacy incidents and data breach notification: to support the implementation and monitoring of information security policies and data breach response plans to comply with the strict formal reporting obligations;
- Implementing privacy by design: to help organizations with the analysis and implementation of technical & organizational measures to ensure & demonstrate that privacy is embedded into the design of new services and systems;
- Data de-identification: to provide access to privacy enabling technologies that support run-time anonymization and encryption of processed/stored data;
- Meeting regulatory reporting requirements: to set up methods to monitor and review activities towards compliance & to keep records for internal/external reporting to demonstrate compliance;
- Addressing international data transfers: to map international data flows and to manage mechanisms (containing adequacy decisions or appropriate safeguards) to allow transferring of personal data to non-EU countries;
- Creating data inventory and maps: to support creating and maintaining an inventory of processing activities, assets, and data flows, classified by data type, purpose, and responsibilities;
- Conducting privacy risk assessments: to design and implement processes to conduct & manage data protection impact assessments (DPIA) and privacy risk assessments;
- Obtaining & managing user consent: to assist in the design and monitoring of processes so as to comply with strict GDPR requirements related to valid data subject consent. Such consent is notably a statement or a clear affirmative action that must be freely given, specific, informed & unambiguous;
- Selection of appropriate technical and organizational security measures: to support monitoring and documentation of the physical, technical, and administrative measures implemented by the organization to keep personal data secure and confidential through adequate standard or certification.
DEFeND has five different services. Each service is implemented in the platform by a selection of the above themes:
- the Data Scope Management service (DSM), aimed at identifying and analyzing the GDPR scope for the organization;
- the Data Process Management service (DPM), related to the design, implementation, and monitoring of data privacy requirements and mechanisms, e.g., privacy by design, data control policies, integrated encryption, and anonymization;
- the Data Breach Management service (DBM) for privacy incidents handling and data breach notification and response;
- the GDPR Planning service, to support organizations in identifying, assigning, and monitoring the actions needed for GDPR compliance and/or improvement;
- the GDPR Reporting service, to visualize, create and store compliance reports and support documentation.
The DEFeND software platform has been successfully tested in operational environments involving partners from four EU countries and in four different areas: healthcare, banks, energy and local public administration.
DEFeND will be available soon in three versions: Basic, Advanced, and Premium:
The Basic package includes 2 services: Data Scope Management Service (DSM) and GDPR Planning.
The Advanced package version 1 includes the following 3 services: Data Scope Management Service (DSM), Data Breach Management Service (DBM), and GDPR Reporting.
The Premium package includes all the services.
The modularity of the DEFeND platform permits a flexible approach that matches not only the organizational and technical needs of the potential customer but also their budget.
From a technical point of view, the platform will be available as a service or installed on customer premises. There is also a hybrid solution that combines both options and can be configured based on specific customer requirements. Technical and consulting services, including training, will also be available to help organizations onboard the system quickly.