Master the GDPR Compliance Checklist with Pryv.io


It’s not news: for two years now, if you’re a company processing the personal data of EU citizens, you have had to comply with the GDPR (General Data Protection Regulation). Effective since 25 May 2018, the regulation sets out a number of legal obligations to be met in terms of privacy requirements, and generous fines to be paid by those who don’t play by its rules. Yet in spite of its not-so-newness, many questions still arise when it comes to GDPR compliance: how to achieve it? Where to start? How to turn its requirements into a competitive advantage?


While many companies see the GDPR as a tedious legal conundrum to solve, it is actually one of the best frameworks you can use to grow and scale your business. That is, of course, assuming you do it smartly: we bet you would rather spend your resources enhancing your application than have them tied up working out how to honour users’ rights over their data. How do you record and enforce their consent? Where do you store their data? How do you get a copy of it ready on request, and what is the process to delete it? By the end of this article, you’ll be ready to master your GDPR compliance and know how Pryv.io’s capabilities can help you thrive in the blooming personal data economy.

GDPR 101: a checklist to achieve compliance

To make it easier for companies to navigate the storm of GDPR data protection and privacy requirements, the gdpr.eu website provides easy-to-understand compliance guidance through a variety of digital content that explains and highlights the specifics of the regulation. In particular, it provides a free online GDPR Compliance Checklist that businesses can use as a framework to achieve their own compliance. This is exactly where you want to start when asking: “Am I ready for the GDPR?”

Divided into four parts, the checklist sets out 19 things to be checked or done (preferably before going to market!) in order to reduce the risk of regulatory penalties.

The checkups are grouped by privacy-related “themes”:

  1. Lawful basis and transparency
  2. Data Security
  3. Accountability and governance
  4. Privacy rights

In the following, we will show for each of these checkups how you can leverage our technology to achieve GDPR compliance while increasing your business efficiency.

GDPR Compliance Checklist at a glance, with Pryv

Pryv.io is an extensible personal data life-cycle management platform specifically engineered to empower businesses to rapidly create and scale breakthrough, GDPR compliant applications.

A lot of organizations are skeptical about involving a third-party for their privacy – we get it.

So let’s be clear: we don’t access or host any data. All we do is provide our clients with a ready-to-use, scalable piece of software that can be used to rightfully collect, store, share and use personal data. Moreover, you can choose where the data is stored separately for each user, so it is both safe and compliant with all relevant data residency laws. Pryv.io is then deployed on the servers and/or infrastructure of your choice.

For each theme below, the GDPR Compliance Checklist items are listed first, followed by how Pryv helps you solve them.

Lawful basis and transparency
  1. Conduct an information audit to determine what information you process and who has access to it.
  2. Have a legal justification for your data processing activities.
  3. Provide clear information about your data processing and legal justification in your privacy policy.
These checkups will help you ensure a lawful, transparent collection and processing of personal data. For our part, we provide you with a comprehensive and easy-to-scale software solution that you can use to keep track of what information you process as your business grows. If your legal justification is consent, the Pryv.io eConsent mechanism lets you keep track of every consent and the related data accesses, per user.

As a plus, the Pryv.io data model is designed to enhance data aggregation, thus allowing for increased business efficiency on your side. On demand, we also help our clients with their data strategy & privacy policies. 

Data Security
  1. Take data protection into account at all times, from the moment you begin developing a product to each time you process data.
  2. Encrypt, pseudonymize, or anonymize personal data wherever possible.
  3. Create an internal security policy for your team members, and build awareness about data protection.
  4. Know when to conduct a data protection assessment, and have a process in place to carry it out.
  5. Have a process in place to notify the authorities and your data subjects in the event of a data breach.
This part is about ensuring that the personal data you collect is safe, secure and well protected. As said before, we do not access or host any data. Using Pryv.io will thus not jeopardize your internal security; at best, it can help you achieve it. Our software is privacy-by-design and provides encryption for data in motion (during transmission). For data at rest, Pryv.io supports client-side mechanisms so you can add as many security layers as you need.

Pryv.io’s data segmentation and aliasing feature (Release Q1 2021) also lets you selectively share pseudonymised or anonymised data, provided that none of the shared data allows identification.

In addition, Pryv.io’s audit module provides information to security systems that can be used to detect a data breach, and further help you identify which data has been leaked. As our client, you will also benefit from our partnerships with data security and hosting providers, such as Build38 and Euris Health Cloud®. 

Accountability and governance
  1. Designate someone responsible for ensuring GDPR compliance across your organization.
  2. Sign a data processing agreement between your organization and any third parties that process personal data on your behalf.
  3. If your organization is outside the EU, appoint a representative within one of the EU member states.
  4. Appoint a Data Protection Officer (if necessary).
Someone has to ensure that the personal data you collect is properly handled throughout your organization and beyond.

Pryv.io can help you ensure that this person understands what is happening with data within your organization. Just as banks provide detailed, chronological reports of all transactions, classified by bank account, the Pryv.io data model provides all data as time series, contextualised and classified in streams. It is designed to offer the same readability and transparency as your bank statement, so that anyone can make decisions and verify their execution with a minimum of effort.

In this context, Pryv.io can be used as a data controlling tool to be operated by your DPO.

Privacy rights
  1. It’s easy for your customers to request and receive all the information you have about them.
  2. It’s easy for your customers to correct or update inaccurate or incomplete information.
  3. It’s easy for your customers to request to have their personal data deleted.
  4. It’s easy for your customers to ask you to stop processing their data.
  5. It’s easy for your customers to receive a copy of their personal data in a format that can be easily transferred to another company.
  6. It’s easy for your customers to object to you processing their data.
  7. If you make decisions about people based on automated processes, you have a procedure to protect their rights.
Last but not least, this part is about ensuring that you provide your users with the means to enact their rights.

While it is your job to ensure that your customers can enact their rights, on our side, we provide you with the functionalities to execute them.

Built with a user-centric approach, Pryv is designed to ensure these functionalities while maximizing software performance and business efficiency.

In particular:

-> Pryv.io allows you to offer your users the option to back up their data on their own computer or transfer it to another company (data portability, as required by checkup #17).

(For example, we developed a “blue button” app that exports the data as JSON files packed inside a password-protected zip file in one click.)

-> Our API methods allow our customers to easily correct/update/delete data inside a user’s account.

-> Pryv.io offers a specific mode that isolates per-user data in backups, so that it can be deleted on request.

Our software is privacy-by-default (opt-out by default). This ensures that your users have an explicit choice whether to accept or object to the processing of their data. All processes have a 1-to-1 relationship with the users of the app, allowing them to update or revoke their consent at any time. This is dynamic consent.

As a plus, you can further de-risk your compliance with the embedded Pryv.io data-audit feature: beyond allowing your users to exercise their lawful rights, you can also prove that those rights were respected and executed correctly.

Focus on your core business knowledge and let Pryv.io optimize your organization’s resources for a responsible, efficient, and lawful collection, use, sharing and disposal of information.

In addition, you will be able to benefit from Pryv.io’s latest features: webhooks for real-time data notifications, high-frequency IoT/real-world data ingestion, a Swift library and Apple HealthKit integration for developing iOS applications, and many others that will help you boost your business’ success!

Still skeptical? Take a look for yourself: because we believe transparency is key when it comes to privacy, our software has also been available as open source since this summer.

For all other questions or to book a demo, contact us directly at: https://www.pryv.com/contact/

Yours,

Pryv Team