Frequently Asked Questions (FAQ)
I see the SEAL product is targeted at small/medium businesses. Does it work in a large business too?
Absolutely. By taking a department/function at a time, you can SEAL parts of your organisation in turn. The SEAL was created by Privacy Practitioners who have spent many years working hands-on in all types of businesses, although a large part of this was in Fortune 100 companies.
What does the start-up cost include?
Your organisation will get its own place to work through a checklist for GDPR compliance. This includes registers and templates, and a widget which you can insert on your website to securely and directly (1) take requests from your employees, ex-employees, customers, partners, etc., exercising their rights as data subjects, and (2) receive data breach reports. You can see how the widget will look in the bottom-right corner of the Privasee website.
Does the startup cost need to be paid more than once?
Normally no. However, if you want to have the service in another language there will be an additional start-up cost.
Which languages are available? Are there plans to translate into more languages?
English and Swedish; Portuguese is in the pipeline. Languages are mainly available where we have active Privacy Practitioners located in the country who help us to make this happen. There are plans to roll out more languages such as Norwegian, Danish and Dutch. If you are interested in working with Privasee on this in your country, we would like to hear from you.
How does the breach process work?
1. Report the breach via the widget on your website and/or intranet.
2. The data protection responsible in your organisation (appointing one is a task for GDPR compliance) will receive a notification in their mailbox that a breach has been reported, and it will be listed in the GDPR portal assigned to your organisation. This portal sits behind your widget and is where incidents are logged.
3. As a subscriber you have access to a knowledge base to help you decide how to manage the breach. It is advised that, as the data protection responsible, you have completed the privacy champion training (it's flexible, online and fun).
4. Using this platform you can manage your breaches and keep evidence on what you decided and why.
5. If you decide to move to another platform in the future you can export your incidents so you have the evidence if requested by the Supervisory Authority.
Does our organisation get the SEAL if it completes the checklist?
It is not immediate. Your data protection responsible needs to contact the assigned Privacy Practitioner (from Privasee) to conduct a quick audit. Depending on the size of your organisation, it could be 2 hours (if it is just yourself and maybe one other in the business) or it could be 8 hours if your organisation has 50-100 employees.
What we do is a completeness and quality check (QA) and this is an add-on cost.
The portal will basically tell us if you have any outstanding tasks, and a random check will be done on the quality. You will receive a short report setting out the remediation necessary to earn the SEAL.
What does the GDPR say about SEALs and certification?
Articles 42 and 43 talk about certification and the use of SEALs. Officially, there are today no mechanisms to certify an organisation, whatever you may read elsewhere. It is still a work in progress because it is complex, e.g. deciding what is being sealed and scoping the seal to a product/service/business function, etc.
Privasee introduced the first SEAL in 2015 for SecureMailbox, and in 2016 came SecureAppbox and FamiljehemSverige.se. The SEAL was scoped to a specific service. Privasee did not claim to certify during the early days, even though this was the intention. SecureMailbox was quick to use the SEAL in its marketing material as a product differentiator.
Since 2016, the Privasee SEAL and its associated GDPR compliance requirements have evolved from a mainly manual process into an automated portal.
Privasee cannot claim to be an official GDPR certification provider; no company can do this yet. However, we can claim to provide guarantees that your organisation is following industry best practices for GDPR compliance, and we at Privasee will back you up on this by issuing our SEAL badge, which you can place on your website as evidence.
How does responding to data subject rights (DSR) requests work?
- The data subject will submit their request via your widget embedded on your webpage, or via Privasee's widget (you decide which works best for your organisation).
- Your organisation will be provided with a secure email channel, which works using your own domain name, through which your data protection responsible will communicate with the requestor.
- Within your GDPR portal you will find templates from which you can generate specific responses, which will be stored in the portal.
- You will need to update your DSR register with the request and outcome as evidence.
Can Privasee manage our GDPR breaches and DSRs?
In short, yes. We do this for other customers today, both very large and small. The only proviso is that your company uses the Privasee channels. This way we can be sure that what we are managing is compliant with GDPR.