To make full use of the Security module, perform the following actions:
Specify the roles required by GDPR within your company
- In the Master console, go to Tools -> Administrator accounts.
- Choose the user who takes care of the duties resulting from GDPR, edit the account and select the functions accordingly.
Define the structure of your company's locations and describe the security measures chosen for each compartment.
- Go to the Organization -> Locations menu.
- If you haven't defined the structure of your company yet, you need to do it now. If you have already recorded your locations, you only need to edit them to fill in the missing information.
Define the list of companies which take part in personal data processing. Fill in the data concerning their representatives and save their addresses.
- In the aforementioned menu, choose Companies.
- If you haven't defined any company yet, you need to do it now. If you have already recorded some entries, you only need to edit them to fill in the missing information.
- Mark your company as the Personal Data Controller and name your company's Personal Data Controller representative.
Fill in your company’s employee list
- If you use a directory service, you may synchronize the employee list with it. The synchronization is one-way: it gathers the staff data from AD and does not write any changes back to it. To perform the synchronization, go to Tools -> Import Personnel.
- If you have the employee list as a text file or a spreadsheet, you may import it into the program. You only need to save the file in CSV format and import it. For more detailed instructions on this procedure, see this article.
- If you are not able to use either of the procedures above, you may create the employees manually. Go to the Personnel menu and choose the New employee option.
Create lists
Before you start creating documentation, take the time to decide which lists should be created or edited. One list that is built into the system, yet needs to be completed, is 'The scope of processing'. Depending on your needs, you may add further items to it.
- Go to the Tools menu, choose Options and, in the Helpdesk tab, choose Attributes.
- Choose the list which you would like to edit, click "Edit" and use the "Elements" editing menu to edit the list's components.
- If you have already edited the lists, you may proceed further. Remember that you can return to these settings at any moment to add new options, which will then be available in the system.
Make an inventory of your company’s dataset
- In statlook Web, proceed to the GDPR tab. If you have not created any dataset yet, you can do it with the Create new dataset button. If you have already created datasets and would like to add a new one, go to the Datasets report and use the Add new dataset button.
- To provide authorization, open statlook Web and proceed to the GDPR module. By clicking the Access to dataset tile, you may fill in an application to authorize a given user.
Determine who processes your data or to whom it has been entrusted
- If the data you have gathered is processed by a third party, that party should be given information concerning the entrustment. As with providing access, use the same tile, this time choosing the Entrustment option.
Import security documents – including your company’s Security Policy or IT System Management Instruction – to the system
- To add already existing documents to the system, you may use the Documents tile or the Documents report. A list of recently added documents will be visible on the main screen of the GDPR module.
Plan a training concerning personal data protection for your employees.
- The largest number of personal data breaches results from successful social engineering attacks. The attacker manipulates an unaware worker either to obtain the data he wants or to persuade the worker to perform a certain activity. The most important element of protecting your company from such an attack, no matter if it is a crafted email or a fake phone call, is periodic training. To plan such a training in the statlook system, proceed to the GDPR tab and click Schedule training.