Subscribe to Sovy Compliance Hub℠ with GDPR Privacy Essentials℠

Sovy Privacy GDPR Essentials (Annual Subscription)

GDPR is now enforceable by law

Under the new law, millions of SMEs globally must handle personal data properly and be able to prove it

Country to country agreements enable enforcement

GDPR conveys distinct and explicit privacy rights to individuals

Sovy GDPR Privacy Essentials℠ subscription service: 

  • Gain access to the Academy and Compliance Hub's premium content
  • Identify and execute immediate actions required now to address the main aspects of the law: the "Do Nows"
  • Make a plan, and execute it, to do additional actions that are needed over time: the "Do Nexts"
  • Do periodic activities to maintain compliance, such as the annual assessment: the "Do Laters"
  • Keep good records of your progress: the "Do Now", "Do Next", "Do Later"

Getting Started

What to do | How to do it | What we provide
Know where you stand regarding the GDPR’s impact on your business procedures | Understand your technical and operational gaps to do what’s expected by the GDPR | Sovy Guided Interviews help you determine whether, and how, you need to comply with the GDPR
Make a plan to address GDPR for your company and implement it | Determine which parts of the GDPR your company needs to comply with & take action on | Sovy Compliance Hub℠ provides simple tools to make and manage your GDPR plan
Identify team members to address specific areas of the GDPR and assign tasks accordingly | Determine who to involve from management, operations, technology and other business areas | Sovy Guided Interviews determine your needs, including if you need a Data Protection Officer

Educate Your Team

What to do | How to do it | What we provide
Educate your employees and contractors about the GDPR and how to handle personal data | Ensure employees and contractors complete training on the GDPR and handling data properly | Sovy Academy℠ provides basic GDPR training for all employees and contractors.
Provide tailored training for your Data Protection Officer or other personnel responsible for handling personal data | Ensure personnel that handle sensitive data (e.g., DPOs, Human Resources, IT) are properly trained | Sovy Academy℠ provides advanced GDPR and data handling training for personnel that handle sensitive data
Keep good records and evidence of education and training activities for all employees and contractors | Track and maintain records on the status of GDPR training for all your team | Sovy tracks students’ progress and provides completion certifications
Ensure your employees & contractors have reviewed and understand your company policies | Provide information on your company’s policies to your team so that they are aware and trained | Sovy Academy℠ & Sovy Information Notice Tools will ensure your team members are aware of your company’s policies

What to do | How to do it | What we provide
Ensure your trading partners (suppliers, vendors, online data processors) are educated about GDPR and can assure you they handle personal data properly | Get confirmations from your trading partners, and supply chain, that they handle personal data properly. Ensure you can track confirmations received | Membership to Sovy Compliance Hub℠ provides tools to help you work with, and track, your trading partners’ assurances on data handling
Stay up to date on changes to GDPR, local interpretation and emerging regulations | Identify updates to the GDPR, local interpretations and emerging regulations | Members receive news and insights regularly via Sovy Compliance Advisor℠
Ensure annual training and compliance obligations are met, especially as business operations change | Provide training to meet annual compliance obligations and updated training as business operations change | Sovy Academy℠ provides basic & advanced GDPR training for all employees and contractors.
Keep good records and evidence of education activities | Track and maintain records on the status of GDPR training for all your employees and contractors | Sovy automates record-keeping by tracking students’ progress and providing completion certifications

Easy to Read Notices

What to do | How to do it | What we provide
Understand and be able to explain in simple language your legal grounds for processing personal data | Identify current processing and the legal grounds for each use of personal data and be able to explain it clearly | Sovy provides the tools to help you determine and communicate your legal grounds for processing personal data
Create a record of your business’ personal data processing activities | Identify and document how your business gathers and processes personal data | Sovy guides you through the processes to identify and document how you handle personal data
Communicate an easy to read public-facing GDPR-compliant privacy notice | Create an easy to read, tailored privacy notice to inform your customers at each point of data collection | Sovy automates the creation of a customized, easy to read privacy notice for your customers
Create and follow a GDPR-compliant personal data breach response and notification procedure | Identify processes your business will follow in the event of a data breach, including procedures to notify your clients of the event | Sovy creates an easy, customizable procedure in the event of a personal data breach and helps you coordinate your notification process

What to do | How to do it | What we provide
Keep records of current and prior policies as part of your compliance program | Ensure your data handling procedures and policies are properly documented and readily accessible | Sovy’s Compliance Hub documents, records and enables easy access to your policies
Be able to respond to requests from data subjects and authorities in a clear, comprehensive, and timely manner | Understand what each request requires from you, and present the information as the GDPR requires | Sovy helps you catalogue and respond appropriately and in a timely manner to requests from customers and DPAs
Ensure that all policies and information notices are up to date with current processing activities | Review and update policies and notices to meet annual compliance obligations and operational changes | Sovy lets you access, review, and edit your policies and notices, and then updates the changes on your site

Cookie Consent Management

What to do | How to do it | What we provide
Understand the cookies you collect and process, and which ones are GDPR-relevant | Identify all plug-ins and cookies your site uses, and classify them by processing activity defined by the GDPR | We examine all cookies used on your website, and categorize them according to GDPR-defined classes
Present the cookies you collect to the user in a clear and simple way, and let them modify their consent. | Describe what each cookie does in a user-friendly way, and allow site users to modify their consent. | We provide a built-in consent manager that describes your cookies and enables users to modify their consent

What to do | How to do it | What we provide
Make sure your cookie consent notice reflects any changes and technologies | Perform periodic review of all new plug-ins or technology and update your cookie notice accordingly | Sovy Cookie Consent Manager℠ periodically scans and automatically updates your notice to incorporate any changes.

Improve Security

What to do | How to do it | What we provide
Analyze your website for security issues in your infrastructure and at personal data collection points | Inventory the technical components used and whether they have security vulnerabilities | Sovy GDPRinspect℠ deconstructs your site and identifies security issues and solutions
Make sure that personal data is protected end-to-end within your business infrastructure | Assess all technical infrastructure that handles personal data for business and fix vulnerability issues | Sovy guides you through a technical infrastructure analysis to identify security gaps and find affordable solutions

What to do | How to do it | What we provide
Verify that all security technologies are up to date and adequately protective | Perform a periodic review of your technical infrastructure to ensure it meets the industry standard | Sovy keeps track of the technologies you use and notifies you when there’s a new update or a better substitute
When selecting or implementing new systems, verify that they abide by Privacy by Design and Default | Determine whether each technology allows you to protect, audit, and minimise data effectively and at scale | Sovy provides you with a guide to assessing technologies for compliance with Data Protection by Design and Default

Sovy GDPR Privacy Essentials℠ subscription service: 

  • Provides periodic training tailored to your business
  • Tracks progress and awards certificates upon completion
  • Supplies expert guidance to stay current with changing requirements
  • Tracks the overall progress of your organization towards GDPR training goals

Who should take the GDPR Essentials training?
All employees and contractors are advised to take the Basic Training courses. Managers and professional staff (e.g., Data Protection Officer, HR, IT, etc.) should take both the Basic and Advanced Training courses.

 

This course contains the following modules:
 Basic GDPR Training

  • What is the General Data Protection Regulation?
  • GDPR in Action
  • Privacy Shield
  • International Data Transfers

 Advanced GDPR Training

  • The GDPR and HR
  • The GDPR and IT
  • The GDPR and Procurement
  • The GDPR and Marketing
  • The GDPR and the Supply Chain
 

Video Screen: What is the GDPR, and why is it important?
Text & Image Screen: Who are the key players in the GDPR? Data controllers, data processors, and data subjects.
Interactive Screen: How does the GDPR protect personal data? Data controllers, processors, and subjects. Consent and privacy statements.
Scenario: Real-life scenario covering subject access requests, investigating and enforcing of the GDPR, and penalties for breaching the GDPR.
Key Learning: Dealing with Subject Access Requests (SARs). Each member state has a Supervisory Authority (SA). Function of SA. Organizations can be fined up to 4% of annual global turnover or €20 million, whichever is greater, for breaching the GDPR.
Scenario: Transferring data between EU countries.
Key Learning: Before you can even consider a transfer, you must be sure the collection and processing of any personal data comply with the principles of the GDPR.
Assessment: Five-question quiz on the content presented in this topic.

Interactive Screen: Personal data. Privacy by design and default. Standardized data protection rules. Personal data transferred to countries outside the EU and the EEA.
Interactive Screen: Breach notification. Right of access. Right to be forgotten. Data portability. Right to object.
Scenario: Real-life example around transferring data from the EU to the US.
Key Learning: Personal data can only be transferred if all the data protection principles concerning its collection, processing, and transfer are met. For transfers to countries outside the EU and the EEA, an adequate level of protection must be assured by the third country.
Assessment: Five-question quiz on the content presented in this topic.

Text & Image Screen: Overview of the Privacy Shield Framework.
Interactive Screen: Seven Privacy Shield principles.
Scenario: Real-life scenario around preparing for certification into the Privacy Shield Framework.
Key Learning: Privacy policy notices. Explicit consent. Rights of data subjects.
Scenario: Real-life scenario around adhering to the requirements of Privacy Shield.
Key Learning: To transfer data outside the EU/EEA, you need to ensure an adequate level of protection. The Privacy Shield Framework for data transfers provides a certification scheme for US companies. It also retains and clarifies some existing transfer mechanisms.
Assessment: Five-question quiz on the content presented in this topic.

Video Screen: GDPR restrictions on transferring personal data to third countries.
Interactive Screen: Seven Privacy Shield principles.
Scenario: Real-life scenario around preparing for certification into the Privacy Shield Framework.
Key Learning: Privacy policy notices. Explicit consent. Rights of data subjects.
Scenario: Real-life scenario around adhering to the requirements of Privacy Shield.
Key Learning: To transfer data outside the EU/EEA, you need to ensure an adequate level of protection. The Privacy Shield Framework for data transfers provides a certification scheme for US companies. It also retains and clarifies some existing transfer mechanisms.
Assessment: Five-question quiz on the content presented in this topic.

Interactive Screen: How does the GDPR impact the role of HR professionals? Deal with high levels of employee personal data on a regular basis. Deal with queries from staff on the GDPR.
Scenario: Real-life HR scenario on protecting employee personal data.
Key Learning: We all have a responsibility to protect any personal data we handle. Consequences of breaches. Reporting requirements and reporting channels.
Scenario: Real-life HR scenario on sharing employee personal data.
Key Learning: Personal data should only be shared when it is relevant and appropriate for the required task. When sharing data, always use the most secure method available.
Assessment: Five-question quiz on the content presented in this topic.

Interactive Screen: How does the GDPR impact the role of IT professionals? Tasked with protecting high levels of personal data.
Interactive Screen: Protecting personal data. Data Privacy Impact Assessments. Privacy by design. Privacy by default. Security of processing. Principle of least privilege.
Scenario: Real-life scenario on best ways to protect the personal data we hold.
Key Learning: We all have a responsibility to prevent breaches. Consequences of breaches. Reporting requirements and reporting channels.
Assessment: Five-question quiz on the content presented in this topic.

Interactive Screen: How does the GDPR impact the role of procurement professionals? Deal with suppliers and third-party vendors on a regular basis. Must ensure that any personal data shared with suppliers and vendors is protected in line with GDPR requirements.
Scenario: Real-life procurement scenario on protecting personal data when dealing with third-party vendors.
Key Learning: We all have a responsibility to protect any personal data we handle. Consequences of breaches. Reporting requirements and reporting channels.
Scenario: Real-life procurement scenario on sharing personal data with outside organizations.
Key Learning: Personal data should only be shared when it is relevant and appropriate for the required task. When sharing data, always use the most secure method available.
Assessment: Five-question quiz on the content presented in this topic.

Interactive Screen: How does the GDPR impact the role of marketing professionals? The impact of the GDPR on how we collect and use personal data for marketing purposes. Explicit consent – opt in, not opt out.
Scenario: Real-life scenario around collecting personal data during a marketing campaign.
Key Learning: Under the GDPR, requests for consent must be provided in an easily accessible form, must be written in plain language, and must clearly state how any personal data collected will be processed or held. Companies can’t rely on silence, pre-ticked boxes, or inactivity as a basis for consent.
Scenario: Real-life scenario around using the personal data collected during a marketing campaign.
Key Learning: Personal data collected for a specific reason must not be reused for other purposes that are incompatible with the initial one to which the data subject consented, regardless of where the processing takes place.
Assessment: Five-question quiz on the content presented in this topic.

Interactive Screen: How does the GDPR impact the supply chain? Define third parties. Examples of third parties. We must ensure compliance with the GDPR throughout our supply chain.
Interactive Screen: Third-party due diligence. Proactive governance of third-party data processors. Privacy Impact Assessments. Data processing agreements.
Scenario: Real-life scenario on engaging a new supplier and the steps required to ensure compliance with the GDPR.
Key Learning: We are ultimately responsible for any personal data processed in our supply chain. We must ensure adequate, secure procedures are in place and that any third parties have policies in place to protect personal data. Breach notification procedures must also be in place.
Assessment: Five-question quiz on the content presented in this topic.

Easy-to-Read Privacy and Information Notices: 


Articles 12-14 of the GDPR affect the types and presentation of information you need to provide to your website visitors and customers.

  • Present only relevant information in a shorter privacy notice at the time of collection
  • Include more information around the types of data you process and why
  • Disclose to your users how you use their data, particularly if you use automated processes
  • Allow an easy mechanism for users to opt-out of certain processing activities
  • Be clear, concise, and transparent in every communication

What you get:

  • Access to public-facing documentation templates including a Privacy Notice, Cookie Policy, and Data Breach Notification Letter, all written for GDPR compliance and customised to fit your business
  • The ability to liaise in real-time with customers and data protection authorities through the Hub, and track communications and timestamps
  • Tailored guidance on implementing and designing your own notices and documents
 

Sovy’s Cookie Consent Manager: The ePrivacy Regulation and GDPR change how you need to manage website visitors’ cookie consents.

You need to:

  • Classify cookies your site uses into four categories prescribed by the Commission
  • Describe the cookies you use in clear and simple terms
  • Enable users to opt-out of cookies that aren’t “Strictly Necessary”

 

Sovy Cookie Consent Manager℠ enables businesses to customize a banner and information notices for their web sites.

What you get:

  • Classify and Display Cookies
  • Manage Opt-In and Opt-Out
  • Take Action to Manage Rights
  • Uses Clear and Simple Terms
  • Links to Privacy Policy
  • Easy-to-Use Studio
  • Tailored Website Colors
  • Multi-Lingual
  • Secure Forms
  • Easily Deployed

 

Handle Data Properly:

The GDPR imposes new obligations on how to handle personal data you collect, store and process.

You need to:

  • Map and inventory all personal data flows, including the recipients and geographic locations of the personal data.
  • Implement rights enablement on the back-end of your business (access, deletion, rectification, etc.)
  • Ensure that all recipients and collection points of personal data are both legally and operationally compliant.
  • Implement privacy by design in each of your processing activities

What you get:

  • GDPRinspect℠, an automated tool that evaluates your website’s data collection points and infrastructure for compliance issues and helps you fix any gaps
  • Sovy Compliance Hub℠ to centralise your contracts, documentation, and personal data records for better mapping, inventory and presentation to authorities and clients.
  • Rights management through the Sovy Consent Manager℠ (enables and tracks rights requests) and the Hub (records and manages your internal tracking and responses).
  • Documentation to describe and guide you through evaluating your processes for data privacy by design and default

Improve Security:


GDPR articles 25, 32, and 35 impose additional requirements on establishing security by design and default in your personal data processing activities.

  • Impose strict access controls on your employees on a need-to-know basis
  • Have all employees that handle personal data commit to ongoing training and education
  • Conduct data protection impact assessments (DPIAs) before implementing any new processing activities that handle potentially risky or large-scale data
  • Make sure all security is up-to-date and follows the industry standard. Use encryption and pseudonymization/anonymization where possible

What you get:

  • GDPRinspect℠ assesses personal data handling and identifies security issues present in your internet-facing technology, and recommends actions
  • Ongoing periodic scans identify changes in data handling and security measures
  • Training and education for GDPR compliance, with recordkeeping and evidence
  • Tailored guidance on how to perform actions required by the GDPR, such as conducting Data Privacy Impact Assessments and maintaining proper records of adverse personal data events, breaches and individual rights requests

Category: Annual Subscription