MissionGDPRBrochure2018

Mission GDPR software will exceed your
expectations in terms of features, support,
price and ease of use, quite simply,
more for less.


Easily manage every part of your GDPR GDPR Software
operations and compliance.


W
We know the problems you face and have
the solutions you need. Web Edition




Contact Us


Mission Software
3rd Floor
86 - 90 Paul Street
London
EC2A 4NE
UK

T
Tel: 0333 920 2149

Email: [email protected]

Web: www.missiongdpr.com



Mission Software // Proven Excellence

Why Mission GDPR?


GDPR compliance is a process not an instant
solution. You need a system that takes you
through each step with simple to follow
instructions, wizards and document layouts.
About Us
Our software securely imports your data for ur software securely imports your data for
O
owners to review, request changes, deletions
Mission Software designs innovative and sophisticated solutions; our aim is and also consent to you having it. Each indi-
to maximise your potential & develop software that will make a significant vidual gets a personalised secure web page
and lasting difference to your organisation; we know the problems you face and all change requests are easy for you to
and have the solutions you need.
manage.
Like every company that holds data we have to comply with the new GDPR ike every company that holds data we have to comply with the new GDPR
L Break your data down into sections such as
rules, but we weren’t sure where to start. We wanted a simple to use system Sales, Subscriptions, Suppliers, Contacts etc.
that would take us through each step of our new legal requirements simply Import each section and our system generates
and easily. a unique web page for each individual.

T Y You can email each person a login to review
This software would have to give us a way to state what our data protection his software would have to give us a way to state what our data protection
policies are, list all of our client data, very easily allow them to see what data and analyse the data you hold on them. This is
we hold, tell us if anything is wrong and also give them the chance to ask us also a great opportunity to get compliance,
to delete their data, if that is what they wanted. marketing approval and up to date information.


We were unable to find a good solution, so we wrote one - Mission GDPR. We have taken all the hard work out of allowing your contacts to choose
their preferences and be fully compliant with the new GDPR laws.
Our GDPR software is feature-packed and starts at just £300, it’s just right if ur GDPR software is feature-packed and starts at just £300, it’s just right if
O
you want a wizard system to manage every part of your new GDPR require- You can very easily show what data you are holding, the legal basis for
ments. It will take you through each step of the process allowing you to having it, what you do with the data, state whether you process or profile
easily manage data you hold, data requests, data breaches and getting that your contacts and also allow your users to request changes.
all important consent you need to store and use your data.
M
Mission GDPR makes you fully compliant, it has sections that cover Children, ission GDPR makes you fully compliant, it has sections that cover Children,
Avoid costly fines by quickly and easily getting your GDPR processes in International Data and also Data Breaches. It’s easy to use and runs over the
order with Mission GDPR software. internet using all the common web devices.

Step 2 - Individual’s Rights


You should check your procedures to ensure they
cover all the rights individuals have, including
how you would delete personal data or provide
Your GDPR Project - No headaches data electronically and in a commonly used
format.

The first step in your GDPR process is to decide The GDPR includes the following rights for
who is going to run the GDPR project and individuals:
whether you need a team.
the right to be informed
Y You need to analyse your organisation to find out the right of access
what data you keep, how you are going to the right to rectification
contact people, handle requests and also create the right to erasure
the necessary documents such as Privacy the right to restrict processing
notices. the right to data portability
t
the right to objecthe right to object
the right not to be subject to automated decision-making & profiling.
Step 1 - Analyse Your Data This is a good time to check your procedures and to work out how you

will find, make available, edit, delete and manage data in your organisation
This is the data you hold on individuals and you need to be able to easily from now on. You may need new processes for authorising changes and
answer the following questions: deletions.

What data do you have? The right to data portability is new. It only applies:
How do you use it?
Do you have a lawful basis for processing someone's data? to personal data an individual has provided to a controller where the
Can you prove it? p
processing is based on the individualrocessing is based on the individual’s consent or for the performance of a
What data retention periods do you have? Are they reasonable? contract; and when processing is carried out by automated means.
Have you given all these individuals the right to view and analyse this data?ave you given all these individuals the right to view and analyse this data?
H
How are you going to handle change & delete requests & prove it is done? You must provide personal data in a structured commonly used &
machine readable form & also provide the information free of charge.
You must provide all of this in concise, easy to understand ways. The Mission
GDPR system helps you to do all of this in a logical easy to follow process.

Step 4 - Data Access Requests



You should update your procedures and plan how you will handle requests to
take account of the new rules:

In most cases you will not be able to charge for complying with a request.
You will have a month to comply, rather than current 40 days.
Step 3 - Consent You can refuse or charge for requests that are manifestly unfounded or exces-
sive.

You should review how you seek, record and manage consent and whether you The Mission GDPR system allows you to record all requests, upload that indi-
need to make any changes. Refresh existing consents now if they don’t meet vidual’s data to our secure online system, email them a login where they can
the GDPR standard. Use our consent checklist to review your practices. review and requests changes and deletions, full GDPR compliance in a secure,
simple, fully audited way.
C
Consent must be freely given, specific, informed and unambiguous.onsent must be freely given, specific, informed and unambiguous. There
must be a positive opt-in – consent cannot be inferred from silence, pre- Step 5 - Reason For Having Data
ticked boxes or inactivity. It must also be separate from other terms and con-
ditions, and you will need to have simple ways for people to withdraw
consent. Public authorities and employers will need to take particular care. You should identify the lawful basis for your pro-
cessing activity in the GDPR, document it and

Consent has to be verifiable and individuals generally have more rights where update your privacy notice to explain it.
you rely on consent to process their data.
Many organisations will not have thought about

You are not required to automatically ‘repaper’ or refresh all existing DPA their lawful basis for processing personal data.
consents in preparation for the GDPR. But if you rely on individuals’ consent to
process their data, make sure it will meet the new GDPR standard on being People will have a stronger right to have their data deleted where you use
specific, granular, clear, prominent, opted-in, properly documented and easily consent as your lawful basis for processing.
withdrawn. If not, alter your consent mechanisms and seek fresh GDPR
compliant consent, or find an alternative to consent. You will also have to explain your lawful basis for processing personal data in
your privacy notice and when you answer a subject access request. It should
be possible to review the types of processing activities you carry out and to
Our software allows your contacts to log in and give specific consents to your ur software allows your contacts to log in and give specific consents to your
O
range of questions and because GDPR is an on-going process this online system identify your lawful basis for doing so.
can be available to your users for as long as you need.
The software will document your lawful bases in order to help you comply with he software will document your lawful bases in order to help you comply with
T
the GDPR’s ‘accountability’ requirements.

Step 8 - Your Processes


The GDPR makes “Privacy by Design” an express legal requirement, under
the term ‘data protection by design and by default’. It also makes PIAs –
referred to as ‘Data Protection Impact Assessments’ or DPIAs – mandatory in
Step 6 - Children’s Data certain circumstances.
You should therefore start to assess the situations where it will be necessary
This section relates to companies that specifically sell to children or maybe to conduct a DPIA. Who will do it? Who else needs to be involved? Will the
provide software systems such as games and social media services that are process be run centrally or locally?
used by children.
F
Follow our step by step examples to streamline and make all of your ollow our step by step examples to streamline and make all of your
A child is considered to be less than or = 16 years old. You must do age processes compliant.
checking (even if you are not doing this at the moment).

F Step 9 - International
For all the services you supply you must ensure that you are getting specific or all the services you supply you must ensure that you are getting specific
guardians’ consent and your documentation must be written in a way that
would be easy for a child to understand. Do you operate in more than 1 EU state?


The Mission GDPR software has a whole section for handling data on children If so you have to identify the multiple legal
and also getting that vital parent’s consent in a simple secure manner. bodies you need to report and comply with.
Mission GDPR helps you map out your organisa-
Step 7 - Data Breaches tion including your teams, Privacy officers,
Documents Required, Processes and consents.
You must have the right procedures in place to detect, report and investigate
a personal data breach.
Complete Peace of Mind
You must report certain types of data breach to the ICO, and in some cases, to
individuals. Where it is likely to result in a risk to the rights and freedoms of With Mission GDPR it is very easy to manage your whole GDPR compliance.
individuals, discrimination, damage to reputation, financial loss, loss of
confidentiality or any other significant economic or social disadvantage. We have worked with GDPR experts to look at each step of the new require-
ments and to help you prove that you have analysed your organisation, made
Mission GDPR helps you to put procedures in place to effectively detect, ission GDPR helps you to put procedures in place to effectively detect,
M available all data for analysis and review, established a system to update or
report and investigate any personal data breach. Failure to report a breach delete data and also refresh all your consents for holding data and future
when required to do so could result in a large fine. marketing.