At Wrangu, we understand the challenges introduced by privacy laws in the Asia region such as the Law on the Protection of Personal Data (LPPD) in Turkey and Personal Data Protection Act (PDPA) in Singapore. Enterprises that do business in Turkey and / or Singapore need to comply with these data protection regulatory requirements.
Leveraging our extensive experience in supporting organisations with compliance with the General Data Protection Regulation (GDPR) in Europe, the Asia component for Privacy Hub by Wrangu provides bespoke features and functionalities to support key requirements of the LPPD and PDPA regulations.
Our in-depth experience with privacy laws and regulations and risk management means that we have unrivalled delivery capability. We offer the perfect blend of deep functional knowledge and technical expertise enabling you to manage privacy requirements.
The Asia component for Privacy Hub by Wrangu has been designed as a plug in which offers quick and easy installation ensuring organisations achieve regulatory compliance in the shortest possible time. As further guidance is provided on LPPD and PDPA, and as precedence is set, ongoing maintenance of the solution is guaranteed through data driven property settings that can be readily configured, facilitating quick adoption of changes as required.
Data Privacy Portal
Provides your data privacy team the ability to interact with all modules in a simple web-based interface as well as enables your employees to exercise and manage their rights, report potential data breaches and raise queries directly with the data privacy team.
DPO Dashboard
The DPO dashboard gives your data protection team a real-time overview of the entire organisation’s privacy activity on a single page. Provides drill down capability right down to live source data and enables flexible report creation with tailored views.
Data Subject Rights Requests (DSR) Module
The data subject rights module provides the ability for data privacy teams and data subjects to raise and manage data subject rights requests. Highlighted features include:
- Dynamic workflows for data subject rights request which organisations can adapt to suit their own ways of working.
- Ability to vary SLA duration for each data subject rights requests type and indicate whether extensions are allowed.
- A consolidated view of all open and closed data subject requests received from a particular data subject over a giver period of time to manage excessive request.
- Pause and on-hold button to ensure SLA durations only count when a valid request is received from the data subject.
- Open API allows capture of DSR requests from external sources.
Data Protection Impact Assessment (DPIA) Module
The DPIA module relies on latest guidance from regulators and provides the ability to perform an initial DPIA screening questionnaire and, if required, conduct a full assessment for new projects, ensuring adherence to privacy by design principles. Highlighted features include:
- Automatic evaluation of DPIA responses with possible concerns raised for consideration.
- Built-in configurable risk calculation engine displays risk ratings based on responses.
- Configurable approval levels throughout the lifecycle of an assessment.
Record of Processing Activities (ROPA) Module
Comprehensive engine enabling the robust documentation of processing activities with the ability to relate a ROPA directly to services, processes or configuration items within the ServiceNow CMDB.Highlighted features include:
- Capture new data points as required to ensure the completeness and ongoing relevance of the ROPA record.
- Maintain version history for each ROPA ensuring enrolment in the registry of data controllers with Verbis in Turkey are sent when required at ROPA creation and update.
- Flag changes in the CMDB and other sources that would suggest a need to update the ROPA.
- Generate and update a ROPA from a DPIA utilising the same data set from the DPIA.
- Indicate whether data subject rights request should be fulfilled based on the lawful basis of processing for each category of data subject.
Data Breach Reporting
Acts as a register of all data breach incidents as they relate to personal data and facilitate the automatic determination of whether a report or notification should be sent to the regulatory authority or impacted data subjects. Highlighted features include:
- Standard process to support data gathering for number of impacted data subjects and whether personal data has been accessed by unauthorised persons.
- Automated data breach SLA calculator to ensure regulatory stated reporting timelines are monitored and complied with.
- Generate and assign dynamic tasks to relevant parties in addressing data breach reporting requirements.
- Support report creation for notification to the supervisory authority or communication to data subjects.
- Ready integration with ServiceNow Security Incident Response module.
Minor release
Privacy Hub (core) 4.5 or higher
ServiceNow Rome, San Diego or Tokyo release