Ensuring compliance with GDPR/FADP
Designed by data protection and IT security specialists, Rumya GDPR is a software that offers a concrete response to companies subject to data protection regulations. It is easy to implement, offers a very pragmatic approach and provides your company with efficient day-to-day support.
With 3 complementary modules, it is easy to simplify your compliance!
Would you like to test our product or have a demonstration?Contact us
The GDPR - General Data Protection Regulation
The European Union regulation (EU 2016/679) which entered into force on 25 May 2018 aims to:
- • Define the rules regarding the protection of personal data of individuals with respect to the processing of the data and the rules regarding the free movement of such data.
- • Protect the fundamental rights and freedoms of individuals.
- • Ensure the free flow of personal data within the European Union and the relevant countries.
Managing individuals’ rights
Rumya GDPR/FADP offers you a tool that makes it easier to manage individuals’ data protection rights.
Specifically created to manage requests according to the principles of privacy by design, the application handles the entire process: from collecting the request to returning the information in a secure extranet via the standardised and traced processing of the request.
Individuals concerned have the following rights:
- The right to information
- The right to access their personal data
- The right to modify their personal data
- The right to have their personal data deleted (or the right to be forgotten)
- The right to restrict how their personal data is processed
- The right to data portability
- The right to object to their personal data being processed in certain circumstances
- The right to be given an explanation regarding any decision made pertaining to automation or profiling
Automated creation and online publication of forms dedicated to the persons concerned
Assistance in processing applications
Providing users step-by-step support in the response process
Collection of personal data
Manual or automated import to collect the information to be communicated to data subjects
Customised connectors (API)
Personal data collection
Secure area for data subjects to access their information
Interface to quickly view the status of applications
Archiving centre for completed applications
Recording and classification of requests and responses according to legal principles
Documentary database to store all compliance-related files
Specific access for the Data Protection Officer
Management space, dashboard and multi-company settings
Integration of multiple forms by sector, industry, entity, etc.
Notifications and tasks
Automatic reminders and task management between users
Receipt and processing of requests received by email, telephone, etc.
Management of user rights
Personal, secure and controlled access to application processing
Visual reporting of application volumes and processing times
Management of data breaches
Rumya GDPR/FADP supports companies if their data is breached.
The application aims to describe and document the breaches according to legal principles. It guides the company in its decisions according to the type of breach and enables it to act accordingly by transmitting information to the persons concerned and to the supervisory authorities.
Personal data breachesAny organisation that processes personal data must have measures in place to:
- prevent breaches,
- document any breaches,
- notify the supervisory authority,
- communicate the breach to the persons concerned.
Description of the notification
Form for recording breach-related information according to the recommendations of the supervisory authorities
Entering the chronology of breach
Details of the discovery and management of the breach
Presentation of the measures in place
Description of the measures in place prior to the breach and the consequences for those affected
Description of future actions and measures to be implemented to address the breach
Collaborative space for crisis management
Discussion forum and secure data room for crisis management coordination between stakeholders
Automated reporting to data subjects
Email or direct mail notification of the breach and follow-up of the statements
Automated reporting to the supervisory authority
Sending the notification to the supervisory authority according to the reporting methods in force (electronically, Excel file, email)
Versioning and historization according to legal principles
Saving and archiving each version of the notification, comments and changes made
Rumya GDRP/FADP aims to manage all information related to the consents of individuals, whether they are customers, employees, or otherwise.
This processing of information extends from the collection of consent, in all its forms, to its withdrawal or deletion and also manages versions of contractual clauses.
ConsentDefined as "any freely given, specific, informed and unambiguous indication of a data subject’s wishes by which they signify their agreement, through a declaration or a clear positive act, to have their personal data processed.
Special attention should be paid to the following points:
- allowing for the right of withdrawal,
- making it possible to prove consent,
- managing the consent of minors,
- special case of explicit consent.
Management of the consent life cycle
Consultation of consent status and management of the versions of associated documents
Collection of consent
Multi-channel consent request and collection via form, email, SMS or dedicated API
Traceability and guarantee of inalterability
Historization of consents using algorithms and chain signatures
Management of parental consent
Integration of the particularities related to the consent of minors and management of the transition to legal age
Managing explicit consent
Integration of handwritten signatures where necessary
Withdrawal of consent
Timestamp of withdrawal and visualisation of impacts on processing activities
Connectors and PLCs
Tailor-made integration of consents into the company's IT ecosystem
Transversal securing of exchanges and data
Customisation of request and response forms according to the particularities of a company
Archiving of requests and responses according to legal principles
Automatic procedure for destroying access and information
Possibility of customising the software to your own colours
Forms and management interfaces available in several languages