2024
      Back to home
      1. Help desk
      2. Release notes
      3. 2024

      What's new in version 6.0

      Enter the dimension of smart compliance with our major new version! Discover our AI assistant, our module for monitoring the risks of processing and our new data categories reference system.

      These features will be available from Wednesday January 31th, 2024 - 8pm 

      Summary


      DLD AI Assistant


      We are proud to present this major innovation in our GDPR software: the DLD AI Assistant.

      This new feature acts as a data protection specialist, available on a daily basis to facilitate your use and assist you in implementing your GDPR compliance.

      The AI Assistant embodies a set of advanced features within the GDPR software, powered by generative AI technologies.

      This major integration allows you to accomplish your data protection tasks more quickly and efficiently, thus optimizing your compliance processes.

      More specifically, our AI Assistant assists you in the following tasks:

      Create your processing form from a simple prompt

      When you create a processing, you now have the choice between creating “from scratch” (the “classic” way of creating your processing) and creating “with AI assistant”.

      Simply describe your process in a few words, and the AI Assistant generates a proposal for a processing sheet.

      The Assistant IA uses AI generative technologies to analyze and understand your specific needs and suggest relevant information.

      And creates a proposed processing sheet for you containing all the essential elements, in particular:

      • Those responsible for processing: Identification of the departments and persons responsible for data processing.
      • The purposes and methods of processing: Clarification of the objectives of the processing, accompanied by a detailed description of its methods.
      • The legal bases: Determination of the legal grounds justifying the processing of the data.
      • The categories and types of data processed: Classification of the data processed with their specific categories and types.
      • The rights of the data subjects: Details of the rights applicable to the data subjects, as well as the means and channels for exercising them.
      • The recipients of the data: List of internal and external recipients, including subcontractors.
      • The security measures: List of the security measures put in place to protect the data.
      • The data media: Listing of the application media (software, etc.) and hardware (servers, etc.) used for processing.
      • Supervisory recommendations: Advice to improve the management and security of data processing.

      Then all you have to do is follow the guide!

      • Step 1: Check the information proposed by the AI, choose to keep it (or not) or replace it with an approximate value from your reference system (in case the AI has not identified it beforehand)
      • Step 2: Create your new reference system entries identified by the AI with a single click
      • Step 3: You are now ready to create your Processing!

      The results are impressive! At the end of the process, your processing is in compliance with Article 30 in 80% of cases!

      For more advice on how to get the best results, feel free to consult our dedicated article: L'ASSISTANT IA DLD

      Even if this functionality is very effective, we recommend that you check the information provided. This will enable you to ensure its relevance before adding it to your repositories and your processing.

      From each of your processes, you have access to your DLD AI Assistant, which allows you to access various features. Each of them will save you precious time and allow you to focus on managing your compliance.

      Automatically generate your information notice relating to your processing

      Save valuable time by asking our IA assistant to draft an information notice in a format that complies with Article 13 of the GDPR, based on all the information in your processing sheet.

      Copy it to use in your documents or export it in PDF format to make it available to data subjects.

      And what about your Accountability? One action allows you to attach it to your processing.

      This feature quickly becomes essential! But remember to review the message before publishing it to ensure that it contains the messages you want to convey.

      Generate a summary of your processing form

      If you need to summarize your processing in a few lines for use in your documents or to send to your contacts, our Assistant IA will do it for you in a few moments:

      Generate an analysis of the risks associated with the processing, as well as recommendations on its compliance

      This feature provides you with a summary of the identified risks (use of sensitive data, transfers outside the EU, AIPD risk criteria, etc.) as well as suggested actions to bring processing into compliance.

      The generated result can then be reused to work on the identified elements with the business teams.

      However useful it may be, this functionality will not replace your expertise in analyzing a processing and bringing it into compliance! So don't hesitate to use the risk management functionality of the processing module and build your own associated action plan.

      Processing, manage your risks

      Another major new feature of this version 6.0 is our tool for analyzing the risks of your processing.

      Smart analysis of the sensitivity of your processing

      Our intelligent engine determines its level of sensitivity according to the data entered in your processing.

      In total, we evaluate 15 risk criteria grouped into 6 themes:

      • Lawfulness
      • Data sensitivity
      • Transparency and rights
      • Data flow
      • Security
      • Data protection impact assessment

      Each criterion evaluated has a sensitivity level: Low, Moderate, Significant, High.

      The evaluation of all the criteria allows us to determine a sensitivity level for your processing.

      Assess your risk management

      For each risk criterion identified by our intelligent engine, you can assess your control of the risk by completing the checklist we provide.


      This can be accessed by clicking on the “Analysis” action available for each of the identified risk criteria:

       

      How do I complete the risk criterion checklist?

      You can either

      • directly validate each control point if you consider that they have been met,
      • or if an element requires verification, implement an associated action.

      In the second case, the control point cannot be validated until the action has been carried out.

      You must be a “Validator” of the processing to carry out the evaluation of the checkpoints for each of your criteria. Editors have read-only access to this part.

      As you complete your checklists, the risk criteria evaluation table is updated and allows you to see the progress of your evaluation.

      In the example below, we can see that:

      • All the checkpoints for the first 4 risk criteria have been validated.
      • 2 actions are in progress on the last criterion “Sensitive data”.

      In the upper part of the interface, you also have a summary by topic.

      In the example below:

      • 3 risk criteria have been identified in the “License” section and all the associated checkpoints have been validated (green check).
      • 2 risk criteria have been identified in the “Transparency and rights” section, but checkpoints remain to be validated to complete the risk management of this section (“Caution” icon).

      Follow-up of actions taken

      The “Actions undertaken” tab of the table allows you to follow the status of actions undertaken on this processing as part of risk management.

      Level of risk management for your processing

      As you check and validate the control points for each of the identified risk criteria, our engine assesses the overall risk management of your processing.

      You will find this information in the top right-hand corner of the interface. This shows you:

      • The Gross Risk: This is the level of risk identified in the processing (-> corresponds to the level of sensitivity detected)
      • The Net Risk: The more you ensure the control of your risks by completing the checkpoints for each of the identified risk criteria, the greater your control and the lower your Net Risk (or Residual Risk).
      • The Number of actions currently undertaken and the number of actions completed
      • The level of risk control of your processing: The level of control is assessed according to your ability to reduce the residual risk (Net Risk) in relation to the initial assessment (Gross Risk)

      New data category repository

      The arrival of this new version also marks the consolidation of your data (typologies) and your data categories in a brand new repository of manageable data categories.

      From the Repository menu, find the new Repository of data categories:

      From this interface, you can administer your data categories and the data associated with them.

      ata categories proposed by default:

      We have reviewed the standard categories offered in the application and proposed a more complete and comprehensive set of data categories. The associated data typologies have also been reviewed and supplemented.

      Data category Description Sensitivity

      Identification data

      Information that allows the direct identification of a natural person and personal or professional contact details

      		 Current

      Professional life

      Information related to the professional environment

      		 Current

      Personal life

      Information relating to the private environment, intimacy and personal behavior

      		 Current

      Economic and financial information

      Information related to personal finances

      		 Current

      Location data

      Information related to the geographical location

      		 Current

      Connection data

      Information related to the technical identification of a natural person

      		 Current

      Browsing data

      Information related to behavior on the internet

      		 Current

      Transaction data

      Payment information

      		 Current

      Criminal conviction and offense data

      Personal data relating to criminal convictions, offenses and related security measures

      		 Highly personal

      Geolocation data

      Data derived from technology that makes it possible to determine a person's location with a certain degree of accuracy.

      		 Highly personal

      Bank details

      Bank details are the elements used to identify a bank account.

      		 Highly personal

      National identifiers

      Identification data assigned to a single citizen

      		 Highly personal
      Health data

      Data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status

      		 Sensitive

      Biometric data

      Personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data

      		 Sensitive

      Genetic data

      Personal data relating to the hereditary or acquired genetic characteristics of a natural person which give unique information about the physiology or health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question

      		 Sensitive

      Racial or ethnic data

      Personal data revealing alleged racial or ethnic origin

      		 Sensitive

      Political data

      Personal data revealing a person's political opinion

      		 Sensitive

      Religious or philosophical data

      Personal data revealing a person's religious or philosophical beliefs

      		 Sensitive

      Trade union data

      Personal data revealing a person's trade union membership

      		 Sensitive

      Data on lifestyle or sexual orientation

      Personal data revealing a person's sex life or sexual orientation

      		 Sensitive

      Case of multi-entity environments:

      When you have a multi-entity environment, the default data categories and typologies are made available to all your entities from your main entity (parent entity at the top of your tree structure). These categories can only be administered by a user with administration rights for the data category repository on your main entity.

      The administrators of the child entities will be able to create new data categories for their entity, and also add data typologies to the standard data categories. The visibility of these will be restricted to their entities and possibly to those of their children if they decide to activate inheritance.

      Create a data category

      From the data categories reference system or from your Processing, you have the option of creating a new data category.

      When you create this new category, a window will appear, prompting you to:

      • Enter its name
      • Define its level of sensitivity: Common, Sensitive or Highly personal
      • Its description
      • The data (typologies) associated with it
      • Activate inheritance: Activating inheritance will make this new data category visible to the child entities of the entity where it was created.

       

      View a data category

      When you consult a data category from the repository, you will find the main information on your data category: its level of sensitivity and its description.

      By selecting the “Data” tab in the left-hand menu, you can view all the data types associated with your data category:

      You can also view the items with which your data category is associated:

       

      Advanced operations available on the data categories:

      From the “more actions” menu available in the page header of the data category, you have a set of “advanced” actions available for your data category:

      • Delete the data category
      • Merge/Replace
      • Activate/Deactivate inheritance of your data category

      These operations are known as advanced because they have a potentially significant impact on the processing of your entity and the entities for which you have disseminated your data category.

      Delete a data category

      When you delete a data category, the category and its associated typologies are automatically deleted from the various objects with which they were associated. This concerns the processing, software and third parties of your entity and all those that inherit this category (in the case of a multi-entity tree structure).

      Before finalizing the operation, a message will warn you of the consequences of your action and will list the objects that will be impacted:

      Merge/Replace a data category


      The Merge/Replace action allows you to consolidate several data categories into a single data category.

      • Merge: Creation of a new data category from 2 data categories. The typologies are consolidated in the data category resulting from the merge.
      • Replace: Replacement of a data category by another category with the possibility of “matching” the data typologies.

      These actions will be particularly useful in facilitating the consolidation of your data category repository following the migration that we are about to carry out.

      Our migration operation will consolidate within this new repository all the data categories that you have created in your processing.

      We have attached particular importance to identifying identical data categories and consolidating them into a single repository data, but it is possible that you will find duplicates at the end of the migration related to categories that we could not consolidate due to a difference in spelling, for example.

      Thanks to the merge and replace functions, you will be able to refine your repository and make it optimal.

      If you encounter any difficulties or have any specific questions on this subject, please do not hesitate to contact your CSM.

      Merge 2 data categories:

      When you  choose this option, the application prompts you to select the category you want to merge with.

      You can then define the properties of the new data category that will result from this merger. By default, the information from the category from which you initiated the merge action is entered in the fields of the new category.

      In the data part, the data typologies of the 2 categories are included. You can choose to delete all or part of these typologies. In this case, they will not be included and will be permanently deleted (including from your processing).

      If the data categories are linked to objects in the application, an insert will indicate the corresponding impacts.

      Replace a data category with another category:

      When you  choose this option, the application prompts you to select the category you want to replace your data category with.

      In the example below, we want to replace category A with category B.

      During the replacement operation, category A data will be deleted if they are not consolidated in an existing category B data typology.

      To avoid this deletion, we allow you to associate each of the typologies of the data category that is going to be replaced with an existing typology of the replacing category.

      In the same way as for the merge operation, if the data categories are linked to application objects, a box will indicate the corresponding impacts.

      Activate/Deactivate the inheritance of your data category

      In the case of a multi-entity organization, you have the option of activating or deactivating inheritance for each of the data categories that you administer.

      Activating inheritance will make your data category visible to your child entities.

      Disabling inheritance will remove the data category from all the elements to which it was linked in your child entities. This operation should therefore be used with caution.

      New data typology repository

      The data typologies have been consolidated in a new repository directly linked to the data categories repository.

      Each data typology is associated with a data category.

      From a data category, you can consult the list of associated data:

      And create new typologies from this view:

       

      Case of data categories inherited from a parent entity (multi-entity):

      You will be able to add a data typology to a data category inherited from an entity. This will then only be visible to your entity and possibly to your child entities if you wish to activate inheritance on this typology.

      Advanced operations available on data typologies:

      These operations are said to be advanced because they have a potentially significant impact on the processing of your entity and the entities for which you have disseminated your data typology.

      • Delete a data typology

      From the “more actions” menu available in the data table, you can delete a data typology

      The deletion of several typologies en masse is also possible by selecting several data.

      Deleting a data type will have consequences for the objects to which it is linked. A warning message will be displayed before you confirm the deletion.

      • Merge a data typology

      By selecting several types of data in the table, it is possible to merge the selected types into a single value:

      By choosing the “Merge” option, a new window will allow you to define the name of the new data typology, which will result from the merger.

      This action will be particularly useful in facilitating the consolidation of your data typology repository following the migration that we are about to carry out.

      Our migration operation will consolidate within this new repository all the typologies that you have created in your processing and associate them with the corresponding data categories.

      We have attached particular importance to identifying identical data typologies and consolidating them into a single repository data, but it is possible that you will notice duplicates at the end of the migration related to data that we could not consolidate due to a spelling difference, for example.

      Thanks to the merge functionality, you will be able to refine your repository and make it optimal.

      If you encounter any difficulties or have any specific questions on this subject, please do not hesitate to contact your CSM.

      Note: This feature is not available for data types inherited from another entity.

      • Activate/Deactivate the inheritance of your data typology

      By clicking on a data typology that you have previously created, a window allows you to consult the information of your typology.

      You can modify its name, consult the elements with which your typology is associated and activate or deactivate the inheritance of this data (only in a multi-entity organization):

       

      L

      Enabling inheritance will make your data visible to your child entities.

      Disabling inheritance will remove the data from all the elements to which it has been linked in your child entities. This operation should therefore be used with caution.

      Use of your new data repositories and data categories in your processing, and your software and third-party repositories

      We have minimized the impact of these new benchmarks on your processing, and your software and third-party benchmarks.

      Processing

      Data categories

      In the Data tab of your Processing, you will find a list of your selected categories and can add a new data category using the action provided for this purpose.

      A window will then open, allowing you to select an existing data category or create a new one:

      Data typologies

      Adding a data typology to your processing follows the same principle. By entering the data category, only the typologies associated with this category are offered to you. You can create a new typology if it is not available among the choices offered.

       

      Coming soon: We are finalizing the visual redesign of the Processing data page. You will soon discover a new page with a completely redesigned layout and new features.

      Software

      In the Content section, you can manage the data categories associated with your software:

       

      Third-Parties

      In the same way as for your software, you can manage your data categories associated with your third parties from the Content section: