Leo GDPR Solution: What does it consist of


The Leo GDPR Solution includes the Compliance Monitoring (GDPR) for annual reviews, and a series of risk assessments and registers allowing you to keep track of records required by law.

It includes a Vendor Due Diligence report, an Employee Declaration module allowing employees to attest to having read policies, and many other templates.


Leo’s functionalities can automatically pull data from Leo GDPR assessment templates into the relevant registers so that you can avoid re-entering data manually. For example:

  • Data Breach Risk Self-Assessment (notification to the Supervisory Authority/Data Subjects) feeds into REGISTER: Data Breach
  • Legitimate Interest Assessment (LIA) feeds into REGISTER: Legitimate Interest Assessment (LIA)
  • Third-Party Risk Assessment (GDPR) feeds into REGISTER: Third Party Risk Assessment
  • International Data Transfer Assessment (IDTA) feeds into REGISTER: International Data Transfers, and
  • Data Protection Impact Assessment (DPIA) feeds into REGISTER: Data Protection Impact Assessment (DPIA).

All registers can also be populated manually without the need to complete an assessment where more flexibility is required.

How to set up your GDPR accountability framework?

Subject to your own counsel's advice, you can:

  1. Carry out the GDPR Compliance Monitoring annually to understand your current GDPR compliance framework and identify any potential gaps that may exist in your compliance efforts;
  2. Map out your business processes that utilise personal data and populate the Record of Processing Activities Art. 30 (Controller);
    1. The Record of Processing Activities Art. 30 (Controller) will guide you as to the next steps:
      1. The ‘Legal basis’ column will automatically indicate whether you need to conduct a Legitimate Interest Impact Assessment (LIA) on Leo
      2. ‘The risk of processing’ column will indicate whether you need to perform a Data Protection Impact Assessment (DPIA) on Leo
      3. ‘Is the Third-Party Assessment needed’ column will indicate if you need to perform a Third-Party Risk Assessment on a service provider (otherwise known as Vendor Due Diligence)
      4. ‘Is International Data Transfer Assessment needed?’ column will indicate whether you need to conduct an International Data Transfer Assessment (IDTA) on Leo
  3. Finally, move on to carry out the appropriate assessments. These will be automatically logged in the relevant registers once they are completed and published.

What else is there?

  1. Data Breach Self-Assessment: Was there a data breach? (for employees) allows you to assess whether a data incident is a data breach and whether more compliance requirements may therefore apply
  2. Data Breach Self-Assessment (Notification to the Authority/ Data Subjects) allows you to assess whether a data breach should be notified to the Authority and/or Data Subjects
  3. REGISTER: Data Breach is linked to the Data Breach Self-Assessment (Notification to the Authority/Data Subjects) and can also be populated manually
  4. REGISTER: Data Retention and Deletion is a space for you to map out your retention policies and how you implement them
  5. REGISTER: Data Subject Access Request Register (DSAR) is a space for you to note any incoming DSARs
  6. REGISTER: Special Categories of Data helps you meet the requirement for an Appropriate Policy Document (APD), which the DPA 2018 requires when processing special category (SC) and criminal offence (CO) data under certain specified conditions

Please read Leo’s GDPR Accountability Guide to see how to easily maintain your GDPR Accountability Framework.