HiScout Data Protection
Software for data protection management in accordance with EU GDPR (EU General Data Protection Regulation)
You can set up a legally compliant data protection management system for your organisation with HiScout Data Protection in a short period of time. You will be guided through all data protection topics step by step – from creating the processing directory to the deletion concept and the management of data protection incidents even if you are not a data protection expert. Evidence and documentation of your previous data protection tools can be uploaded in HiScout as applicable documents, to ensure a seamless transition. All reports required by you to fulfil the burden-of-proof in accordance with EU-GDPR (General Data Protection Regulation), are automatically generated. The HiScout dashboard, with clear graphics and diagrams, provides a quick overview of the current situation at all times.
Convenient data collection at the place of processing
The HiScout Questionnaire templates support you in surveying employees and external service providers via the processing activities carried out by you, or for which you are responsible. The questionnaires are sent, checked and read into the HiScout database through an automated process. A questionnaire for recording processing activities is included in the scope of delivery. You can create your own questionnaires with the HiScout Questionnaire add-on.
Using the standard data protection model
The use of the Standard Data Protection Model (SDM) is recommended by the Data Protection Conference and is mandatory for basic protection. With this method, you ensure that personal data processed in your organisation complies with the data protection regulations. It not only considers the risks of those effected, but also the risks for your organisation.
Safeguarding the rights of persons and parties concerned
The data protection module offers predefined processes for compliance and audit-proof documentation of the rights of persons and parties concerned to deletion, information, data transfer and correction.
Secure handling of data protection incidents
The HiScout process for handling data protection incidents helps you in recording data correctly and tracking data protection breaches. You keep track of the strict reporting deadlines to authorities and those concerned, and assign appropriate measures. Stored time stamps prove that the incident was handled in a GDPR (General Data Protection Regulation) compliant manner.
Multi-client capability at the highest level
Large organisations and consulting firms can manage hierarchical structures with clients and sub-clients in a single HiScout instance. The data can be used generically, as well as client-based. The HiScout authorisation system protects against unauthorised access and guarantees the data sovereignty and confidentiality of the clients.
Newsletter
Exciting news and interesting facts on HiScout products and topics
Sign up for NewsletterImportant Dates
Important industry events, HiScout webinars and online seminars at a glance
To OverviewStep-by-step to legally compliant data protection management
-
Directory of the Processing Activities
You describe all activities occurring in your organisation where personal data (PD) is processed, in the processing activities registry (VVT). The VVT is a mandatory data protection document which complies with GDPR (General Data Protection Regulation), and is the basis for all further activities when creating a data protection management system. It contains the following information:
- Data protection officer and person responsible
- Purpose and legal basis of processing
- Type of data recorded and transmitted
- Data flow with data origin and data recipient
- Data-bearing documents, applications and systems,
- Transferring data to non-EU countries
- Assignment of legal retention periods
- Authorisation groups
- Technical and organizational measures
- Other accompanying documents
-
Privacy Impact Assessment (PIA)
A protection impact assessment with threshold analysis shows whether a Privacy Impact Assessment (PIA) is required. The protection requirement assessment includes a detailed description of the processing, the processed data, the recognised risks and the selected risk-reduction measures. The remaining risks of the processing activity for those affected will be examined, in case a Privacy Impact Assessment (PIA) is required. The PIA in HiScout covers all important areas required by GDPR (General Data Protection Regulation) – the description of the processing activities, weighing the purpose of the processing as opposed to the intervention of the rights of those affected, and the assessment of the residual risks of those affected after the use of minimised measures. Finally, the data protection expert assesses whether the processing activity is still permissible.
-
Deletion Concept
The HiScout Data Protection module supports you in administering and carrying out the deletion procedure in accordance with GDPR (General Data Protection Regulation), and in recording the retention periods and legal basis. Existing deletion concepts and other accompanying documents can be embedded. The data stored in the processing directories are automatically prepared and are compiled into a report at the touch of a button in HiScout Version 3.1.2 and higher.
-
Technical and Organisational Measures
To ensure secure processing, all organisations which use personal data must define and document technical and organisational measures (TOMs) in accordance with GDPR (General Data Protection Regulation). HiScout allows you to select the measures from all catalogues stored in the program as well as your own measures maintained in other modules. You can then assign these to a processing activity, e.g., from the BSI Basic Protection Catalogue or various compliance guidelines, as well as from the standard data protection module.
-
Order Processing Contracts
An order processing contract must be concluded in case personal data is processed in a specific order. HiScout Data Protection offers the following options for mapping order processing conditions in HiScout Version 3.1.2 and higher:
- Recording of the order processing conditions with the client and subcontractor
- Assigned repository of the order processing contract
- Issuing an extract from the VVT with assigned TOMS as proof for the person responsible on the client-side
- Required notifications of deletions and changes for subordinated contractors
-
Transfer Impact Assessment
In order to comply with the new SCC (Standard Contractual Clauses) published by the EU Commission in 2021, a separate risk assessment must be carried out for data transfer to third countries. HiScout Data Protection supports you in carrying out the transfer impact assessment.
A data pool for basic protection, data protection and risk management
The HiScout Data Protection module can be extended to an integrated management system with a common database. A beautiful example of the interaction of the HiScout Basic Protection, HiScout Data Protection, HiScout ISM and HiScout BCM modules: the basic protector becomes active and surveys the processes as well as the required applications. The Emergency Manager is delighted with the collected data and uses it for the Business Impact Analysis. Meanwhile, in the directory of the processing activities, the data protector uses the currently maintained master data to record what data is processed by which application. The basic data protector can incorporate this information into its process analysis to assess the protection requirements.
HiScout technology can be upgraded and is future-proof
The HiScout GRC software is a browser-based multi-user application, which does not require any installation on the client-side. 100% of the development and support are carried out in Germany. The data model and user interfaces of the HiScout Platform can be upgraded and expanded at any time without requiring programming skills, in order to realize individual requirements of our clients. We are in regular dialog with our user groups and in stakeholder forums, and jointly align our development goals with practical needs and future requirements. HiScout Data Protection can be combined with other HiScout add-ons such as HiScout platform can be upgraded and expanded at any time without requiring programming skills, in order to realize individual requirements of our clients. We are in regular dialog with our user groups and in stakeholder forums, and jointly align our development goals with practical needs and future requirements. HiScout Data Protection can be combined with other HiScout add-ons such as HiScout Questionnaire, HiScout Business Logic Engine, HiScout DataExchange and HiScout DocGen to include customised processes, questionnaires, workflows, reports and database connections.
Product Sheet
Find all essential information on the HiScout Basic Protection module here.
Request Now!Synergies
A software for different management systems which saves time and effort.
Work more efficiently!