Privacy policies get updated as required by each company or individual. This module displays the updates made by you or as presented to you by your company to enter, relating to your policy.
As a member of GDPA, you are provided with the option to unsubscribe from various subscriptions we have in place and will continue to develop. Using this audit will facilitate your request.
Within minutes, register the Third Parties which have access directly or indirectly to the personal data your company holds including employees, members, customers etc…
Each Third Party you register will be linked to the corresponding TCID from your Third Party Compliance entries which you will find HERE. If you haven’t created your Third Party Compliance entries then start HERE.
You will also find links to these sections via the AUDITS menu tab found at the top of your screen.
Create your master Third Party Compliance processing agreements.
These Third Party Compliance agreements will save you countless hours of work when it comes to registering your third parties.
You will be simply place the applicable TCID to each registered third party entered via the Third Party Registry audit.
The ongoing development of the GDPA platform is not solely based on what we may come up with, it also constitutes your ideas.
Though we at GDPA have laid down the foundation of our platform, it’s ongoing growth is spurred on by individuals like you submitting what you would like to see added.
Software Application Security is the general practice of adding features or functionality to software to prevent a range of different threats such as denial of service attacks and other cyber attacks and data breaches or data theft situations.
Different types of application security such as firewalls, antivirus programs, encryption programs and other devices can help to ensure that unauthorized access is prevented. Companies also can identify sensitive data assets and protect them through specific application security processes tied to these data sets.
Software Application Security is aimed at protecting clients and users of software from of hacking and malicious intent.
Furthermore, Software Application Security is critical for mobile app stores, where hackers try to attach various kinds of malware to less vetted mobile applications.
Security Policies assist you in designing, implementing, guiding, monitoring and managing security over an organization’s data.
It primarily focuses at securing and protecting logical data stored, consumed, and managed by an organization.
Risk assessments identify hazards that could negatively impact an organization’s ability to conduct business.
These assessments help identify these inherent business risks and provide measures, processes and controls to reduce the impact of these risks to business operations.
Privacy by Design promotes privacy and data protection compliance, and helps you comply with data protection regulations.
Companies and organisations need to implement privacy and data protection throughout a project life-cycle, including when:
Privacy audit is to assess an organization’s privacy protection posture against any legislative/regulatory requirements or international best practices and to review compliance with the organization’s own privacy-related policies.
This involves evaluating procedures undertaken by an organization throughout the typical information life-cycle stages such as how information is created or received, distributed, used, maintained and eventually disposed.
Physical & Environmental Security is defined as that which securely operates on an ongoing basis regardless of the persons in it.
It affects the actions and outcomes concerning the people within it, encompassing everything around us that provide our basic needs and opportunities for social and economic development.
All processes and behaviors take place within specific physical environments. In this instance it has to do with your business.
Organizational Security is a sustained, appropriate level of security in team communication and information management practices.
When more than one person works together to achieve a goal, they need to be able to communicate and manage information to get things done.
Mobile Devices audit addresses the different approaches for managing mobile devices within a business or organization and identifying the impacts and outcomes which are focused on people, devices, applications/websites and data.
Information systems is the study of complementary networks of hardware and software that people and organizations use to collect, filter, process, create, and distribute data.
They comprise combinations of hardware, software, and telecommunications networks that people build and use to collect, create, and distribute useful data, typically in organizational settings.
Information systems are interrelated components working together to collect, process, store, and disseminate information to support decision making, coordination, control, analysis, and visualization in an organization.
Incident Event & Communications enables organizations to create and manage dialogue related to major business issues or incidents.
It allows the bringing together all involved users during these events and establish quick and easy communications within this group.
For example, a major issue occurs in regarding a data breach. The incident could potentially impact all users, so it is important to bring together key representatives and communicate quickly and effectively.
An incident communication plan addresses this process and assists in resolving the matter.
Human Resources is the function in an organization that deals with the people and issues related to people such as compensation and benefits, recruiting and hiring employees, on-boarding employees, performance management, training, and organization development and culture.
Compliance is a comprehensive review of an organization’s adherence to regulatory guidelines.
The outcomes evaluate the strength and thoroughness of compliance preparations, security policies, user access controls and risk management procedures over the course of a compliance audit.
What precisely is addressed varies depending on whether an organization is a public or private company, what types of data it handles, and if it transmits or stores sensitive financial data.
It gauges the overall risks to compliance and security and to determine whether the company is following internal guidelines.
The reports can be used by management teams to identify areas that require improvement.They measure company objectives against output and strategic risks.
Communications & Operations is the sending and receiving of messages among interrelated individuals within a particular environment or setting to achieve individual and common goals.
Organizational communication is highly contextual and culturally dependent.
Individuals in organizations transmit messages via various methods including face-to face, written, video recorded, audio recorded and mediated channels.
Cloud security is the protection of data stored online from theft, leakage and deletion.
Methods of providing cloud security include firewalls, penetration testing, obfuscation, tokenization, virtual private networks (VPN), and avoiding public internet connections.
Major threats to cloud security include data breaches, data loss, account hijacking, service traffic hijacking, insecure application program interfaces (APIs), poor choice of cloud storage providers, and shared technology that can compromise cloud security. Distributed denial of service (DDoS) attacks are another threat to cloud security.
These attacks shut down a service by overwhelming it with data so that users cannot access their accounts, such as bank accounts or email accounts.
Business Continuity and Disaster Recovery (BC & DR) is a set of processes and techniques used to help an organization recover from a disaster and continue or resume routine business operations. It is a broad term that combines the roles and functions of IT and business in the aftermath of a disaster.
BC & DR is divided into two different phases/components:
Business Continuity (BC): BC deals with the business operations side of BC & DR. It involves designing and creating policies and procedures that ensure that essential business functions/processes are available during and after a disaster. BC can include the replacement of staff, service availability issues, business impact analysis and change management.
Disaster Recovery (DR): DR is primarily focused on the IT side of BC & DR. It defines how an organization’s IT department will recover from a natural or artificial disaster. The processes within this phase can include server and network restoration, copying backup data and provisioning backup systems.
Typically, most medium and large enterprises have an integrated BC & DR plan or separate BC and DR plans for dealing with unforeseen natural or man-made disasters.
Asset Management refers to systematic approach to the governance and realization of value from the things that a group or entity is responsible for, over their whole life cycles.
It can apply both to tangible assets (assets with a physical form) and to intangible assets (assets with a non-physical form such as patents, trademarks, copyrights, goodwill and brand recognition).
Access Control is a security technique that regulates who or what can view or use resources in a data drive environment, including digital and print.
It is a fundamental concept in security that minimizes risk to the business or organization.
The effectiveness of compliance starts with the actions undertaken by Senior Management. Although effective compliance starts with the board, it must be disseminated throughout your organization. Senior Management must demonstrate their understanding, commitment and respond quickly to compliance issues raised by data subjects internally and externally.
The components of Senior Management Compliance include establishing its compliance responsibilities, communicating those responsibilities to employees, ensuring business processes incorporate internal policies for meeting legal compliance requirements and review operations to ensure accountability for meeting assigned responsibilities and legal compliance requirements.
Do you have an idea on how we can improve our platform and service to you? Or maybe you have something in mind.
Reach out to us, we are always open to bright minds and ideas, and who knows where it can lead to.
If you have a question, don’t hesitate to touch base with us.
We will do our best to provide you with the correct answer you require or steer you in the right direction.
Due to the influx of questions we receive on a daily basis, we will do our best to deliver our response to you within the shortest possible time-frame.
Click SHOW ME HOW below each audit to view presentation.
Complete the PRIVACY POLICY audit.
Complete the PERSONAL ANALYSIS audit.
Complete the GAP ANALYSIS audit.
Complete the COMPACT AUDIT audit.
Complete the LIIA audit.
Complete the DPIA audit.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used to xxx.
This audit is used so you can lodge any data breaches that you come across by your competitors. Upon receipt, we will investigate your compliant and upon confirmation, they will be listed in our non-compliant database. Brand reputation for non-compliance does have a negative impact (aside of possible monetary penalties).
A Centrify study found that 65 percent of data breach victims lost trust in an organization as a result of the breach. IDC found that 80 percent of consumers in developed nations will defect from a business if their information is compromised in a security breach.
On top of lost trust, companies also need to worry about the networks of directly affected customers. An Interactions Marketing survey found that:
The magnitude of any data breach is far-reaching thanks to the internet. A company’s widespread negative reputation specifically from a breach can damage their overall reputation more than they realize. This can ultimately impact their bottom line. Security Magazine reported on a study that found:
At anytime you can post an article that you feel would be of interest to the wider audience.
The article has to have relevance with data protection and cyber security.
Upon submission, your article will be reviewed and if we find no issues with it, we will post it accordingly in our NEWS section.
If we do have an issue, we will reach out to you.
This audit gives you the right to have inaccurate personal data rectified and incomplete personal data completed.
Keep in mind that this will depend on the purposes for the processing and may involve providing a supplementary statement to the incomplete data.
This audit is used so you can list new career vacancies that require individuals to have a level of data protection skill sets on top of their primary responsibilities.
A Data Protection Impact Evaluation (DPIE) is a process to help you identify and minimise the data protection risks on each new project and on existing projects which are not supported by a DPIE.
https://vimeo.com/323211386
This audit is used to record your data processors non-compliance to the activities performed based on the personal data and instructions you have handed them.
You must log and protect your position as a data controller against any unforeseen data breaches made by your data processors.
This audit is for the purpose in recording the activities and attaching the agreements between you and data processors.
The data processor or (processor) is a person or organization who deals with personal data as instructed by YOU the data controller or (controller) for specific purposes and services offered to the controller that involve personal data processing.
This audit is used by to record any data breaches brought forward by individuals against you.
It permits you to manage and monitor such breaches, whilst maintaining a digital footprint of events and outcomes from start to finish.
Use this audit to register a complaint which you have raised against a third party regarding your rights as a data subject. This can be an internal complaint or an external complaint.
GDPA will mediate your complaint where it complies with the data privacy regulations in effect.
Within minutes, register the Projects which collect and/or work with directly or indirectly personal data, including employees, members, customers etc…
Each Project you register will be linked to the corresponding PCID from your Project Compliance entries which you will find HERE. If you haven’t created your Project Compliance entries then start HERE.
You will also find links to these sections via the AUDITS menu tab found at the top of your screen.
Data Privacy Regulations require you to demonstrate legitimate interest in how you handle personal data. This audit is designed to make it quick and efficient, without having to spend hours by simply recording the base project parameters and then linking it to the applicable PROJECT COMPLIANCE audit.
When you use personal data for a new project or task, for example;
via
both in digital or physical format, irrelevant if you are performing the task from within your place of employment or not (eg: home, in the field etc…), you will record it in this audit.
The reason being, with the plethora of tasks you perform in your day to day activities, it will be near impossible to demonstrate compliance should;
Create your master Project Compliance entry.
These Project Compliance entries will save you countless hours of work when it comes to registering your new projects using personal data.
You will be simply place the applicable PCID to each registered project entered via the Project Registry audit.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
This Privacy Policy is to keep individuals informed of how you collect, use, share, secure and process their personal data on all your social media platforms.
You are required to inform your customers about why you are processing their data, for how long will you store it and how you use their data in plain and clear words.
Your policy is hosted on our servers and you are permitted to use your custom link branded page with your name and your qrcode, and place it anywhere you desire both online and offline, digital and print.
This Privacy Policy is to keep individuals informed of how you collect, use, share, secure and process their personal data on all your platforms including any and all social media sites you are on.
You are required to inform your customers about why you are processing their data, for how long will you store it and how you use their data in plain and clear words.
Your policy is hosted on our servers and you are permitted to use your custom link branded page with your name and your qrcode, and place it anywhere you desire both online and offline, digital and print.
This audit is designed for you to take down retrieve, edit and download personal notes without losing your track of thought, purpose or actions.
This audit is designed to assist you in requesting data that you have entered to be corrected by GDPA. You will use this feature when you cannot find the data to correct yourself.
This audit is designed to keep you compliant with Art. 33 of the GDPR and with local privacy regulations where applicable, where you must keep a record of any personal data breaches and ensure that you have robust breach detection, investigation and internal reporting procedures in place.
In the case of a personal data breach, the controller (that’s you) shall without undue delay and, where feasible and not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 and if the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
Recording personal data breaches is a great way for a company to identify any shortfalls in their path to compliance and place the correct measures in place to mitigate a repeat of such breaches.
Personal Data Protection Compliance is an ongoing process. This audit is designed to initially determine and thereafter keep track of your basic understanding with personal data regulations.
When you understand the purpose of data privacy, applying it in your day to day activities will result in greater productivity and the cementing of best practices in your activities for the greater benefit of the organisation and the public at large.
When fines and prosecutions are handed down, in many cases they are done so all the way to a personal level, therefore don’t compromise your position. Don’t permit complacency or influence to interfere with your duty and obligation towards following the protection of personal data in your possession and/or your daily workflows.
Choosing not to comply can even result in you and/or your company to cease trading. The cost goes beyond economic factors, therefore disobeying data privacy regulations is too high to avoid or ignore.
You will use this audit to log your personal data breaches.
A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. This includes unintentional information disclosure, data leak and also data spill, careless disposal of used computer equipment or data storage media and unhackable source.
Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data files, documents and sensitive information.
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
This Personal Analysis is directed at identifying if you require training and if you are not meeting the desired performance requirements or goals relating to data protection regulations you are directly responsible for.
This Personal Log is used to record your personal data handling activities.
Access logs, error logs, and security audit logs are now considered to hold personal information.
You must protect your position against any future breaches as proof of evidence.
1: Enter the email where your payment will be linked to.
2: Select if you wish to be notified on each new referral.
3: Instead of using your Username, enter your own custom link code (slug). You can choose between an alphanumeric (letters and numbers) or alphabetic code (letters only). Note: Custom codes can be all lowercase, all uppercase, or sentence case (a mix of both lowercase and uppercase) letters. The maximum length is 60 characters as per code.
Direct Links allow you to link directly to your website or social media pages.
Simply enter your link, for example:
✍ Website: https://yourwebsitename.com/
✍ Facebook: https://facebook.com/yourname/
✍ Facebook Page: https://facebook.com/yourpagename
✍ Facebook Group: https://facebook.com/groups/yourgroupname/
✍ Instagram: https://instagram.com/yourname/
✍ Twitter: https://twitter.com/yourname/
… you get the idea.
This is a major incentive for you, and will assist you in greater engagement.
If a visitor recognizes a partner link whilst on an partner ’s site, they’ll know the partner will earn a commission if they click that link and make a purchase. In some instances, a partner link may make a visitor skeptical and they won’t click the link. A potential customer turned off by a partner link could mean a missed sale.
By using Direct Links, visitors will be completely unaware of any partner links, greatly increasing the chance of clicking a link to GDPA and going on to complete a purchase and you gaining your commission.
Partner referral URLs can include a campaign parameter to help you track and monitor the performance of your partner links.
You can name your campaigns when generating a partner referral link, or manually append a campaign name to a partner referral link. When using the generator, the campaign name will be automatically appended to your partner referral link. Here are a couple of examples of what the referral partner referral link looks like with a campaign parameter added:
✍ http://yoursite.com/product-1/?ref=123&campaign=twitterjanuary
✍ http://yoursite.com/ref/123/?campaign=twitterjanuary
You may wish to use campaigns to place specific partner links in specific marketing channels – such as in an email, on a particular social media platform, or on your own website or social media pages.
The campaigns created by you are visible in the Statistics tab when you are logged in. This tab also shows the following campaign data:
Some examples of campaign names you might use are: “Winter Email”, “Twitter January”, “Facebook Compliance”, “Summer Promo”, and so on. This could be aligned with the marketing material we provide you with, or a sale or promotion you have scheduled.
A shorter, simpler campaign name usually works best. Think of it like a coupon code – a campaign name between 15 and 25 characters can effectively describe a date, product, and channel for where a specific campaign link is being shared.
Additionally, some social media channels have a limited amount of characters available. The more characters you use in your partner referral link, the less space you have to market our platform and services.
Using this campaign parameter will allow you to identify where you should focus your marketing efforts for maximum sales and referrals.
This section provides a quick visual indicator for different referral statuses, without needing to use several separate graphs, so you can easily get an immediate snapshot of comparative data.
GDPA’s referral program rewards you for sharing our links over your social networks and e-mails. A typical referral scenario is where three of your friends sign up to our platform via your referral links.
Any partner payment is generated within our platform where it is logged and shown on this screen and where you can view information about each payout made to you by GDPA.
Any shipping costs and applicable taxes are excluded from payout calculations.
GDPA uses cookies to track visits derived from partners generated referral links.
When a customer clicks on an partner’s referral link, and these cookies are successfully generated, a visit will appear in Partners Visits screen. The cookies will then remain in the browser throughout the purchase or conversion process to track the correct partner so a referral can be generated for that partner.
The cookies will also remain in the customer’s browser for a period of time or until the customer clears their cookies. The default cookie expiration is 7 days.
Creatives are pre-made banners and assets that Partners can use to easily promote GDPA.
Instead of requiring you to create your own banner images or partner URLs, we make it easy for you by setting up a list of pre-made banner images of various sizes, or text links, that they can simply add to their own websites or email newsletters.
You must be a GDPA Member to view this content.
Your own compliance policy configured with the unencumbered right of access for individuals. The process is simple and straight forward and comes with a policy support line for the public that we attend to on your behalf 24/7.
1: Select the TYPE of policy, enter a few basic details and you are done.
Data Subject Rights Compliance Policy (where you have an existing privacy policy and only add the link to your GDPA Compliance Policy) VIEW DEMO
or
Full Compliance Policy (where you don’t have a compliance policy and commence with GDPA’s default Member Compliance Policy) VIEW DEMO
2: Once submitted, your policy will be assessed by a team member.
3: With all being in order, you will receive an email with your policy link and your own policy QRCODE.
4: Place the link and/or the QRCODE anywhere visibly required to demonstrate your compliance with privacy laws. You would place it on your website, social media pages, business cards, invoices, receipts, brochures, billboards, outgoing emails, newsletters, anywhere required to display your compliance policy.
5: You can submit edits to your compliance policy at anytime.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
You must be a GDPA Member to view this content.
The Legitimate Interest Impact Assessment (LIIA) is designed to help you to decide whether or not the legitimate interests basis is likely to apply to your processing.
1. Audit Title
2. Horizontal Bar Chart
3. Number of Members
4. Number of Entries
5. Members with No Entries
…..5.1. Number of Entries
…..5.2. NO ENTRIES Icon
…..5.3. Percentage of Total Entries
6. Members with Entries In Progress
…..6.1. Number of Entries
…..6.2. IN PROGRESS Entries Icon
…..6.3. Percentage of Total Entries
7. Members with Completed Entries
…..7.1. Number of Entries
…..7.2. COMPLETED Entries Icon
…..7.3. Percentage of Total Entries
1. Audit Title
2. Number of Members
3. Close Popup Screen
4. Chosen Status
5. Number of Entries
6. Percentage of Total Entries
7. Search User or Organisation
8. Download CSV File
9. Members Name
10. Members Level Access
11. Date Member Registered
12. Date Member Commence Audit
13. Date Member Updated Audit
14. Days Since Last Activity on Entry
15. Members Organisation (where applicable)
16. Members Unique User Identification Number
17. Members Unique Entry Identification Number
Applies to No Entries, In Progress & Completed
please login to gain access
Register your employees which collect and/or work with directly or indirectly personal data, including employees, members, customers etc…
Each Employee you register will be linked to the corresponding HRID from your Human Resource Compliance entries.
You will also find links to these sections via the AUDITS menu tab found at the top of your screen.
Use this audit to create your default Human Resource Compliance. Thereafter when you enter an employee into the Human Resource Registry, simply enter the applicable Human Resource ID (HRID) to it. This way you will be able demonstrate compliance with all your employees.
If you ever feel the need to reach out where your employer might require assistance, feel free to reach out and we will discuss the matter with them. You can choose to remain anonymous when making this request.
When you officially register, you will immediately be provided with the links to your GDPA Certificate and to your GDPA Seal. You will also receive an email with the details and links.
Add the GDPA Certificate and your GDPA Seal to your profile. CLICK HERE. Good opportunity to complete/update the other profile fields.
Your GDPA Compliance Policy and GDPA Embedment Code will be sent to you via email within 48 hours Monday – Friday (excluding public holidays & unforeseen circumstances) from point of official registration.
By the time the email arrives, we would have added the GDPA Compliance Policy and GDPA Embedment Code in your account. CLICK HERE to view your profile.
You must be a GDPA Member to view this content.
The Gap Analysis assesses the extent of your organisation’s compliance with the GDPR (General Data Protection Regulation), and helps identify and prioritise the areas that it should urgently address.
This Full Audit determines whether the organisation has implemented adequate policies and procedures to regulate the processing of personal data. Additionally, the review will ensure that monitoring of personal data processing is carried out by such policies and procedures and identifying and controlling the risks to mitigate data breaches.
It comprises approximately 1600 questions modulated across 17 primary business operational chapters:
1. Expand Audit Analytics
2. Audit Title
3. Number of Members
4. Number of Entries
5. NO ENTRIES Icon
6. Percentage of Total Entries
7. IN PROGRESS Entries Icon
8. Percentage of Total Entries
9. COMPLETED Entries Icon
10. Percentage of Total Entries
1. Collapse Audit Analytics
2. Audit Title
3. Number of Members
4. Number of Entries
5. NO ENTRIES Icon
6. Percentage of Total Entries
7. IN PROGRESS Entries Icon
8. Percentage of Total Entries
9. COMPLETED Entries Icon
10. Percentage of Total Entries
11. Audit Title
12. Horizontal Bar Chart
13. Number of Entries
14. Members with No Entries – click for details
..14.1. Number of Entries
..14.2. NO ENTRIES Icon
..14.3. Percentage of Total Entries
15. Members with Entries In Progress – click for details
.15.1. Number of Entries
.15.2. IN PROGRESS Entries Icon
.15.3. Percentage of Total Entries
16. Members with Completed Entries – click for details
.16.1. Number of Entries
.16.2. COMPLETED Entries Icon
.16.3. Percentage of Total Entries
17. Search/Filter Box
18. Download CSV File
19. Members Name
20. Members Level Access
21. Date Member Registered
22. Date Member Commenced Audit
23. Date Member Updated Audit
24. Days Since Last Activity on Entry
25. Members Organisation (where applicable)
26. Members Unique User Identification Number
27. Members Unique Entry Identification Number
28. Sort Order ASC/DEC all Headings
Applies to No Entries, In Progress & Completed
If you wish to see specific Compliance Intelligence metrics added, please CLICK HERE and let us know.
View real-time activity on yourself and whoever else you have the authority to monitor regarding compliance across all applicable audits in an Expanded View. You can also select to view and download a CSV based on the filtering condition you select and the queries you enter.
Analytics Data: The process of examining datasets to draw conclusions about the information they contain. Data analytic techniques enable you to take raw data and uncover patterns to extract valuable insights from it..
Audio Data: A binary representation of a sound. This data can be written to a binary file using an audio file format for permanent storage much in the same way bitmap data is preserved in an image file format..
Audio Visual Data: Electronic media possessing both a sound and a visual component, such as slide-tape presentations, films, television programs, videos recording devices.
Big Data: A field that treats ways to analyse, systematically extract information from, or otherwise deal with data sets that are too large or complex to be dealt with by traditional data-processing application software.
Biometrics Data: Body measurements and calculations related to human characteristics. Biometrics authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.
Date Stamped Data: Similar to the Time Stamped Data but only shows the date instead of only the time or time and date.
Dark Data: Acquired through various computer network operations but not used in any manner to derive insights or for decision making. The ability of an organisation to collect data can exceed the throughput at which it can analyse the data.
Genomics Data: The Genome (The genetic material of an organism. It consists of DNA. The genome includes both the genes and the non-coding DNA, as well as mitochondrial DNA and chloroplast DNA.) and DNA data of an organism. They are used in bioinformatics for collecting, storing and processing the genomes of living things. Genomic data generally require a large amount of storage and purpose-built software to analyse.
High Dimensional Data: Data whose dimension is larger than dimensions considered in classical multivariate analysis. High-dimensional statistics relies on the theory of random vectors.
Machine Data: Information automatically generated by a computer process, application, or other mechanism without the active intervention of a human.
Marketing Data: The pool of information extracted from various touch-points and interactions between a customer and a brand. This data drives Marketing Analytics to evaluate the effectiveness of any Marketing Campaign and justify the Return on Investment (ROI) of these campaigns.
Open Data: Data which is freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control.
Operational Data: Integrate data from multiple sources for additional operations on the data, for reporting, controls and operational decision support. Unlike a production master data store, the data is not passed back to operational systems. It may be passed for further operations and to the data warehouse for reporting..
Real Time Data: Information that is delivered immediately after collection. There is no delay in the timeliness of the information provided. Real-time data is often used for navigation or tracking.
Semi Structured Data: Data that does not obey the tabular structure of data models associated with relational databases or other forms of data tables, but nonetheless contains tags or other markers to separate semantic elements and enforce hierarchies of records and fields within the data.
Spatiotemporal Data: Spatial refers to space. Temporal refers to time. Spatiotemporal, or spatial temporal, is used in data analysis when data is collected across both space and time. It describes a phenomenon in a certain location and time, for example: shipping movements across a geographic area over time. A person uses spatial-temporal reasoning to solve multi-step problems by envisioning how objects move in space and time..
Structured Data: Data created using a predefined (fixed) schema and is typically organised in a tabular format. Think of a table where each cell contains a discrete value.
Time Stamped Data: A time registered to a file, log, or notification that records when data is added, removed, modified, or transmitted.
Tracking Data: Data delivered by a combination of hardware and software, which when used together allows you to know where something is at any point in time.
Translytic Data: Enables on-demand real-time data processing and data reporting with new metrics not previously available at the point of action.
Unstructured Data: Information that either does not have a predefined data model or is not organised in a predefined manner. Unstructured information is typically text-heavy, but may contain data such as dates, numbers, and facts.
Unverified Outdated Data: Data that has been collected where nobody has any idea of it’s relevance, accuracy or purpose.
Verified Outdated Data: Data that has been collected where someone has an idea of it’s relevance, accuracy or purpose.
Visual Data: Graphical representation of data. By using visual elements like charts, graphs, and maps, data visualisation tools provide an accessible way to see and understand trends, outliers, and patterns in data.
Website Data: A variety of tools on websites that collect data using both cookies and javascript libraries. Cookies are small text files that store Internet settings from the websites you visit. They are widely used to make website features work, operate more efficiently, or improve the user experience on the site. Cookies are also used to remember the user preferences or personalise the content so that it is more relevant to them. Javascript libraries are snippets of codes which run on a web-page that are executed when certain actions take place..
Centralised Database: The personal data is stored at a centralised location and the users from different locations can access this data. This type of database contains application procedures that help the users to access the data even from a remote location. Various kinds of authentication procedures are applied for the verification and validation of end users, likewise, a registration number is provided by the application procedures which keeps a track and record of data usage. The local area office handles this thing.
Cloud Databases: Now a day, data has been specifically getting stored over clouds also known as a virtual environment, either in a hybrid cloud, public or private cloud. A cloud database is a database that has been optimised or built for such a virtualisation environment. There are various benefits of a cloud database, some of which are the ability to pay for membership access, storage capacity and bandwidth on a per-user basis, and they provide scalability on demand, along with high availability. A cloud database also gives enterprises the opportunity to support business applications in a software-as-a-service deployment.
Commercial Database: These are the paid versions of the huge databases designed uniquely for the users who want to access the information for help. These databases are subject specific, and one cannot afford to maintain such a huge information. Access to such databases is provided through commercial links.
Distributed Database: Opposite of the centralised database concept, the distributed database has contributions from the common database as well as the information captured by local computers also. The data is not at one place and is distributed at various sites of an organisation. These sites are connected to each other with the help of communication links which helps them to access the distributed data easily. You can imagine a distributed database as a one in which various portions of a database are stored in multiple different locations(physical) along with the application procedures which are replicated and distributed among various points in a network. There are two kinds of distributed database, viz. homogeneous and heterogeneous. The databases which have same underlying hardware and run over same operating systems and application procedures are known as homogeneous databases, for eg. All physical locations in a database. Whereas, the operating systems, underlying hardware as well as application procedures can be different at various sites of a database which is known as heterogeneous databases.
End User Database: The end user is usually not concerned about the transaction or operations done at various levels and is only aware of the product which may be a software or an application. Therefore, this is a shared database which is specifically designed for the end user, just like different levels’ managers. Summary of whole information is collected in this database.
Graph Databases: The graph is a collection of nodes and edges where each node is used to represent an entity and each edge describes the relationship between entities. A graph-oriented database, or graph database, is a type of NoSQL database that uses graph theory to store, map and query relationships. Graph databases are basically used for analysing interconnections. For example, companies might use a graph database to mine data about customers from social media.
NoSQL Database: These are used for large sets of distributed data. There are some big data performance issues which are effectively handled by relational databases, such kind of issues are easily managed by NoSQL databases. There are very efficient in analysing large size unstructured data that may be stored at multiple virtual servers of the cloud.
Object-Oriented Databases: An object-oriented database is a collection of object-oriented programming and relational database. There are various items which are created using object-oriented programming languages like C++, Java which can be stored in relational databases, but object-oriented databases are well-suited for those items. An object-oriented database is organised around objects rather than actions, and data rather than logic. For example, a multimedia record in a relational database can be a definable data object, as opposed to an alphanumeric value.
Operational Database: Information related to operations of an enterprise is stored inside this database. Functional lines like marketing, employee relations, customer service etc. require such kind of databases.
Personal Databases: Data is collected and stored on personal computers which is small and easily manageable. The data is generally used by the same department of an organisation and is accessed by a small group of people.
SQL Relational Databases: These databases are categorised by a set of tables where data gets fit into a predefined category. The table consists of rows and columns where the column has an entry for data for a specific category and rows contains instance for that data defined according to the category. The Structured Query Language (SQL) is the standard user and application program interface for a relational database. There are various operations that can be applied over the table which makes these databases easier to extend, joining two or more databases with a common relation will modify all existing applications.
A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of your organization.
Throughout all corners of the globe, compliance with the GDPR, or more accurately, compliance failures, has gained significant attention. Organisations need to respond to stakeholders’ concerns about personal data, and boards require self evaluation mechanisms addressing such concerns and meeting acceptable compliance standards.
Corporate Governance is the framework of rules and practices by which a board of directors ensures Accountability, Fairness, Independent Assurance, Leadership and Transparency in a Company’s relationship with its Stakeholder engagement (financiers, customers, management, employees, government, and the community).
This dashboard is designed to give you quick access to compliance audits based on personal activities and compliance. Following screenshot is a quick outline on the dashboard functions.
Audits without Entries and/or Statistics are shown as inactive. In the future should they be activated, the inactive symbol will be replaced with the corresponding active icon.
Complete your master Company Data Protection Compliance audit.
Company Data Protection Compliance is an ongoing process that needs to be embedded in everyday business practice.
The negative impact of non-compliance in most cases will result in financial loss and severe penalties including prosecution.
This Compact Audit determines whether the organisation has implemented adequate policies and procedures to regulate the processing of personal data. Additionally, the review will ensure that monitoring of personal data processing is carried out by such policies and procedures and identifying and controlling the risks to prevent data breaches.
It comprises 95 questions covering the following 17 primary business operational factors:
View real-time activity on yourself and whoever else you have the authority to monitor regarding compliance across all applicable audits in a Compact View. You can also select to view and download a CSV based on the filtering condition you select and the queries you enter.
While there are major benefits in using new technologies, organisations need to be aware of the potential challenges when utilizing biometric data in a fair, transparent and accountable manner.
Biometric horizontals, verticals and diagonals require to be addressed for their compliance with data privacy regulations.
Artificial Intelligence (AI) is technology that gives machines the power to perform specific tasks that normally require human intelligence such as visual perception, speech recognition, decision making, learning, and language translation.
A compliance approach to AI strives to ensure that human values are central to the way in which AI systems are developed, deployed, used and monitored, by ensuring respect for fundamental rights, which are united by reference to a common foundation rooted in respect for human dignity, in which the data subjects enjoy a unique and inalienable protection status by entities engaging in Artificial Intelligence (AI).
To assess whether a risk is a high risk, you need to consider both the likelihood and severity of the possible harm. Harm does not have to be inevitable to qualify as a risk or a high risk. It must be more than remote, but any significant possibility of very serious harm may still be enough to qualify as a high risk. Equally, a high probability of widespread but more minor harm, may still count as high risk.
You must make an objective assessment of the risks.The matrix below shows a structured way to assess risk. Your organisation may use a different method you can adapt for the same purpose.You may also want to consider your own corporate risks, such as the impact of regulatory action, reputational damage or loss of public.
| RISK LIKELIHOOD | 5 | MEDIUM | MEDIUM | HIGH | HIGH | HIGH | |||||
| 4 | LOW | MEDIUM | HIGH | HIGH | HIGH | ||||||
| 3 | LOW | MEDIUM | MEDIUM | HIGH | HIGH | ||||||
| 2 | LOW | LOW | MEDIUM | MEDIUM | MEDIUM | ||||||
| 1 | LOW | LOW | LOW | LOW | MEDIUM | ||||||
| RISK SCORE | 1 | 2 | 3 | 4 | 5 | ||||||
| RISK IMPACT | |||||||||||
Domain: audits.trustgdpa.com
Date: January 18, 2022
We firmly believe that the internet should be available and accessible to anyone, and are committed to providing a website that is accessible to the widest possible audience, regardless of circumstance and ability.
To fulfill this, we aim to adhere as strictly as possible to the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines 2.1 (WCAG 2.1) at the AA level.
These guidelines explain how to make web content accessible to people with a wide array of disabilities. Complying with those guidelines helps us ensure that the website is accessible to all people: blind people, people with motor impairments, visual impairment, cognitive disabilities, and more.
This website utilizes various technologies that are meant to make it as accessible as possible at all times. We utilize an accessibility interface that allows persons with specific disabilities to adjust the website’s UI (user interface) and design it to their personal needs.
Additionally, the website utilizes an AI-based application that runs in the background and optimizes its accessibility level constantly. This application remediates the website’s HTML, adapts Its functionality and behavior for screen-readers used by the blind users, and for keyboard functions used by individuals with motor impairments.
If you’ve found a malfunction or have ideas for improvement, we’ll be happy to hear from you. You can reach out to the website’s operators by using the following email dpo@trustgdpa.com
Our website implements the ARIA attributes (Accessible Rich Internet Applications) technique, alongside various different behavioral changes, to ensure blind users visiting with screen-readers are able to read, comprehend, and enjoy the website’s functions. As soon as a user with a screen-reader enters your site, they immediately receive a prompt to enter the Screen-Reader Profile so they can browse and operate your site effectively. Here’s how our website covers some of the most important screen-reader requirements, alongside console screenshots of code examples:
1: Screen-reader optimization: we run a background process that learns the website’s components from top to bottom, to ensure ongoing compliance even when updating the website. In this process, we provide screen-readers with meaningful data using the ARIA set of attributes. For example, we provide accurate form labels; descriptions for actionable icons (social media icons, search icons, cart icons, etc.); validation guidance for form inputs; element roles such as buttons, menus, modal dialogues (popups), and others. Additionally, the background process scans all of the website’s images and provides an accurate and meaningful image-object-recognition-based description as an ALT (alternate text) tag for images that are not described. It will also extract texts that are embedded within the image, using an OCR (optical character recognition) technology. To turn on screen-reader adjustments at any time, users need only to press the Alt+1 keyboard combination. Screen-reader users also get automatic announcements to turn the Screen-reader mode on as soon as they enter the website.These adjustments are compatible with all popular screen readers, including JAWS and NVDA.
2: Keyboard navigation optimization: The background process also adjusts the website’s HTML, and adds various behaviors using JavaScript code to make the website operable by the keyboard. This includes the ability to navigate the website using the Tab and Shift+Tab keys, operate dropdowns with the arrow keys, close them with Esc, trigger buttons and links using the Enter key, navigate between radio and checkbox elements using the arrow keys, and fill them in with the Spacebar or Enter key.Additionally, keyboard users will find quick-navigation and content-skip menus, available at any time by clicking Alt+1, or as the first elements of the site while navigating with the keyboard. The background process also handles triggered popups by moving the keyboard focus towards them as soon as they appear, and not allow the focus drift outside of it.Users can also use shortcuts such as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
• Epilepsy Safe Mode: this profile enables people with epilepsy to use the website safely by eliminating the risk of seizures that result from flashing or blinking animations and risky color combinations.
• Visually Impaired Mode: this mode adjusts the website for the convenience of users with visual impairments such as Degrading Eyesight, Tunnel Vision, Cataract, Glaucoma, and others.
• Cognitive Disability Mode: this mode provides different assistive options to help users with cognitive impairments such as Dyslexia, Autism, CVA, and others, to focus on the essential elements of the website more easily.
• ADHD Friendly Mode: this mode helps users with ADHD and Neurodevelopmental disorders to read, browse, and focus on the main website elements more easily while significantly reducing distractions.
• Blindness Mode: this mode configures the website to be compatible with screen-readers such as JAWS, NVDA, VoiceOver, and TalkBack. A screen-reader is software for blind users that is installed on a computer and smartphone, and websites must be compatible with it.
• Keyboard Navigation Profile (Motor-Impaired): this profile enables motor-impaired persons to operate the website using the keyboard Tab, Shift+Tab, and the Enter keys. Users can also use shortcuts such as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
1: Font adjustments – users, can increase and decrease its size, change its family (type), adjust the spacing, alignment, line height, and more.
2: Color adjustments – users can select various color contrast profiles such as light, dark, inverted, and monochrome. Additionally, users can swap color schemes of titles, texts, and backgrounds, with over 7 different coloring options.
3: Animations – epileptic users can stop all running animations with the click of a button. Animations controlled by the interface include videos, GIFs, and CSS flashing transitions.
4: Content highlighting – users can choose to emphasize important elements such as links and titles. They can also choose to highlight focused or hovered elements only.
5: Audio muting – users with hearing devices may experience headaches or other issues due to automatic audio playing. This option lets users mute the entire website instantly.
6: Cognitive disorders – we utilize a search engine that is linked to Wikipedia and Wiktionary, allowing people with cognitive disorders to decipher meanings of phrases, initials, slang, and others.
7: Additional functions – we provide users the option to change cursor color and size, use a printing mode, enable a virtual keyboard, and many other functions.
We aim to support the widest array of browsers and assistive technologies as possible, so our users can choose the best fitting tools for them, with as few limitations as possible. Therefore, we have worked very hard to be able to support all major systems that comprise over 95% of the user market share including Google Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS and NVDA (screen readers), both for Windows and for MAC users.
Despite our very best efforts to allow anybody to adjust the website to their needs, there may still be pages or sections that are not fully accessible, are in the process of becoming accessible, or are lacking an adequate technological solution to make them accessible. Still, we are continually improving our accessibility, adding, updating and improving its options and features, and developing and adopting new technologies. All this is meant to reach the optimal level of accessibility, following technological advancements. For any assistance, please reach out to dpo@trustgdpa.com
