The DataProtectionMS Platform for the Industry

Receive Data Subject Access Requests as a manufacturer

Are you a mechanical engineering company, an automaker or a medium sized industrial company? The industrial sectors processes personal data on a large scale. It is not just about the data of customers, suppliers and employees, it is also about the machine data, which can contain a reference to a person. Such a reference does not seem to exist at first. However, the GDPR defines personal data as "any information relating to an identified or identifiable natural person; a natural person is considered as being identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified ".

If machine data contains location data or other unique identifiers such as the machine name and these unique identifiers can be referenced to persons such as the machine operator or support technician, one must ensure compliance with the applicable data protection laws. If a personal reference can be derived from machine data the GDPR may apply. Machine data can be used to gather information about people which may allow e.g. for a behavioral and performance analysis. The number of such processes, in which machine data or device data can have a reference to a person, are substantial. In particular since the Industrial Internet of Things and Industry 4.0 have significantly increased data creation and collection.

On receiving a data subject access request, industrial companies must go through a (currently purely manual) process and look for possible personal data. Against the background of the new rights of data subjects, companies in the production industry should prepare by automating these processes.

Step one: Receive Data Subject Access Requests

As an industrial company you want to receive the request as standardized and automated as possible. The DataProtectionMS platform generates the necessary input forms for you, which can easily be integrated into your existing website or other web-based portals.
The frontend receives the request from employees, customers, suppliers and other stakeholders. Depending on the requirement, a form can be used for all groups or forms can be generated which are adapted to specific groups (for example, employees) .

Monitor all requests and determine compliance using the dashboard

The DataProtectionMS dashboard gives you a quick overview of the pending requests, their processing time, and the status of your compliance. This means that the management, the data protection officer and the compliance officers are always in a position to provide information about the company┬┤s conformity with Article 15 of the GDPR. By means of an export function, the data protection authorities can be given fast and transparent information for audit purposes. Long-lasting coordination processes and on-site checks can be avoided.

Our automatic Privacy Advisor will gather the data and collate all necessary information

Upon receiving a request, the DataProtectionMS Platform will begin collecting and collating the relevant information within your organization. Since the data sources can contain many different formats, these are prepared in a report (e.g. as Adobe PDF) and provided as a data package. Here, your design specifications as well as data specific approaches can be implemented.

Communicate the information and provide the data

In the last step, the platform communicates with the requestor to provide the information. This information is protected by password, 2-factor authentication or the company's own login, depending on the method chosen. Each action is logged to provide proof of the availability and download.

Any questions? Contact us to receive an offer!

Congratulations. Your message has been sent successfully.
Error, please retry. Your message has not been sent.