Getting started with the GDPR software

Directory menu & Client Administration : this article provides a step-by-step framework for setting up the GDPR software.

Overview

The order given here is a recommendation, and one that we know works. Depending on the structure and size of your organization, in some cases you may find a slightly different order works best for you.

Links are provided to full articles when applicable.

For a brief explanation of terms frequently used in our articles and in the software, consult our glossary.

Step 1: Create your entity

The very first step is to create your entity.

  • In the sidebar, click Directory > Entity and complete the form.

If your entity has several business activities, enter each one in the New activity field. This will allow you to generate a separate record for each business activity.

Step 2: Does your entity require a DPO?

Not all entities require a Data Protection Officer. The DPO questionnaire will guide you to help you make the right decision for your entity. The page also includes reminders on key GRDP rules concerning DPOs.

  • In the sidebar, click Directory > DPO and complete the questionnaire. If you choose a DPO, enter their contact details.

Step 3: Create the users

The users of the GDPR software are created in the back office.

  1. To access the back office, in your profile menu, select Client administration.

2. In the Client administration menu, select Users.

Find out more: Setting up users and roles.

Step 4: Assign roles to the users

Each user requires at least one role in one entity to access the GDPR software. A role consists of a set of permissions that allow a user to perform specific tasks in one or more entities, such as creating or editing processing activities, editing repositories, etc. The GDPR software comes with 6 preset roles. You can use these roles as provided, modify them, or create your own from scratch.

  1. To access the back office, in your profile menu, select Client administration.

  2. In the Client administration menu:

  • Select Roles to create or modify roles.

  • Select Assignment to assign roles to users.

Find out more: Setting up users and roles.

Step 5: Create the divisions and assign the users

Divisions are used to restrict user access to specific processing activities. By assigning a user to one or more divisions, they will be able to access the processing activities assigned to those divisions only. The precise type of access (add, update, delete, etc.) will depend on the user’s permissions.

The “See all processing in all divisions permission gives a user access to all processing activities without having to assign them to divisions.

 

The GDPR software is delivered with a set of default divisions that you can activate (default divisions cannot be deleted or renamed). You can also create new ones.

Once a division is created or activated, you can assign users to it. The processing activities will be assigned when they are created or afterwards.

  • In the sidebar, click Directory > Divisions.

Step 6: Create the repositories

Repositories are used to record information on sites, departments, contacts, areas, third parties and software. Once in the repository, the information can be easily retrieved and added to processing activities.

While all the repositories are designed according to the same principle, the amount of information you can enter varies greatly. For instance, the software repository contains multiple tabs that allow you to enter a wide range of information, whereas adding an area to the areas repository simply consists in entering a name.

  • Departments, contacts and areas must be added to their respective repositories before you begin to create processing activities.

  • Sites, third parties and software can be added as you create a processing activity, but you’ll save time by creating the repositories first. 

 

You don’t have to complete all the fields in a repository to start creating processing activities! The articles referred to below (in “Find out more”) describe the essential fields for each repository. You can complete the other fields at a later time.

We recommend creating the repositories in the order they appear in the menu, but you can follow a different order. The only requirement is that you create the Departments repository before you create the Contacts repository.

  • In the sidebar, click Repositories and select a repository.

Step 7: Create the processing activities

Processing activities lie at the core of the GDPR. The GDPR software will guide you to ensure that your processing activities are compliant.

The software comes with a range of standard processing activities that are specially designed for your industry. To edit these processing activities you must activate them first (inactive processing activities do not appear in the record).

You can also create processing activities from scratch.

If you entered several business activities when you created your entity (in Step 1), they will appear in the Identification section of the processing activity, in the Activity within the entity box (in Article 30 mode, click the box to activate it). Selecting the business activity will allow you to create a separate record for each one.

  • In the sidebar, click Processing.

Step 8: Generate a record

The record of your processing activities is designed to show why and how personal data is being processed by your entity.

You can filter a record by Data controller/Processor, mode (Article 30/Extended), area(s), status(es), time period, and business activity (if your entity has several business activities).

Then download the record as an Excel or pdf file.

  • In the sidebar, click Record.