After an extensive period of internal testing and a round of closed beta testing, the GDPR HQ application is finally ready for a public beta test.
Thanks to all of you who subscribed to be notified when the application is ready; we already sent email notifications, and hopefully, you already opened profiles and started to browse through the features. And there are plenty of features for you to explore :)
Start your journey by defining a few of the processing activities involving personal data. Some good examples may be "Sending a newsletter", "Trial user registration" or "Customer satisfaction". Determine the lawful basis for processing (e.g., legitimate interest or consent) and you should be good to go.
Optionally, set the communication channels used in a particular processing activity; this is not a GDPR requirement, but a practical feature we decided to implement.
Create a consent document for processing activities where the lawful basis is, well, consent. One of our favorite web resources on GDPR matters is the ICO from the UK; take a look at what they have to say about the lawful basis of processing.
Note that consent should be your last resort; use it with caution, and try to use another basis for your processing activities first (e.g., legitimate interest).
Consult with your lawyer or GDPR consultant if you're not sure.
GDPR HQ allows you to create two different versions of the consent document: a PDF version and an HTML version. Use the PDF version to print the consent document so that the data subject (e.g., a customer) can sign it. You can use the HTML version on your website to offer a digital version of the consent document.
Once your customer/user signs the consent, you can enter it back into the GDPR HQ application. If you have a signed PDF document, you can also scan it and attach it to the record.
I believe that you already know that you're not allowed to conduct those processing activities where the lawful basis is consent if you didn't obtain consent from the individual before the processing. Once you enter a record of the consent for a specific data subject (e.g., customer, user), GDPR HQ can tell you whether you should continue with the processing or not.
For example, your CRM application can ask GDPR HQ (using the API) something like this: "Do we have consent for this particular customer to call him and introduce our latest product?"
Under the GDPR, an individual has certain rights, e.g., the right to be informed, the right to rectification, the right to erasure, the right to object, etc.
You can use the GDPR HQ application to record all communication related to data subject rights. For example, a customer may send you an e-mail requesting that you change his address in your CRM application. Store that e-mail message as a data subject request and respond to the customer with predefined (templated) answers.
You can then use the Data subject requests feature to answer with a templated email message once a request is processed.
Manage and store a minimal set of personal information about data subjects inside the GDPR HQ application. You can even connect our app to your system using the API so that you save only a unique ID inside our system.
Scan your website for cookies and group them in separate categories, e.g., necessary cookies, marketing cookies, tracking cookies, etc.
Display a cookie consent message to the visitor of your website and record his answer as a cookie consent in the GDPR HQ app.
Besides these significant features, there are also plenty of smaller ones; dig in and explore.
If you would like to try the API/SDK, these links can be helpful:
We're also working on new features and will keep you posted, both here on this blog and in periodic email notifications.
Once again, thanks to all of you who subscribed to be a beta tester. We're proud to announce that we already have paying customers using GDPR HQ as early adopters, so we do not expect the public beta phase to last long; GDPR HQ should be ready for production quite soon.