Convenient data collection at the place of processing

The HiScout Questionnaire templates support you in surveying employees and external service providers via the processing activities carried out by you, or for which you are responsible. The questionnaires are sent, checked and read into the HiScout database through an automated process. A questionnaire for recording processing activities is included in the scope of delivery. You can create your own questionnaires with the HiScout Questionnaire add-on.

Using the standard data protection model

The use of the Standard Data Protection Model (SDM) is recommended by the Data Protection Conference and is mandatory for basic protection. With this method, you ensure that personal data processed in your organisation complies with the data protection regulations. It not only considers the risks of those effected, but also the risks for your organisation.

Safeguarding the rights of persons and parties concerned

The data protection module offers predefined processes for compliance and audit-proof documentation of the rights of persons and parties concerned to deletion, information, data transfer and correction.

Secure handling of data protection incidents

The HiScout process for handling data protection incidents helps you in recording data correctly and tracking data protection breaches. You keep track of the strict reporting deadlines to authorities and those concerned, and assign appropriate measures. Stored time stamps prove that the incident was handled in a GDPR (General Data Protection Regulation) compliant manner.

Multi-client capability at the highest level

Large organisations and consulting firms can manage hierarchical structures with clients and sub-clients in a single HiScout instance. The data can be used generically, as well as client-based. The HiScout authorisation system protects against unauthorised access and guarantees the data sovereignty and confidentiality of the clients.

Screenshot mit Diagrammen zum aktuellen Stand des Datenschutzmanagementsystems im Unternehmenutz Diagramme

Checklist for your data protection tool

All important functions and features of a complete solution for data protection management at a glance – a great help for data protection officials and managers when evaluating a data protection software.

Learn more
HiScout GRC News

Newsletter

Exciting news and interesting facts on HiScout products and topics

Sign up for Newsletter
Kalender Icon für HiScout Termine

Important Dates

Important industry events, HiScout webinars and online seminars at a glance

To Overview
Glühbirne Icon für HiScout Magazin

Magazine

HiScout articles, publications and press releases

To the Topics
HiScout Mitarbeiter am Telefon, um über GRC Tools, BCM, ISMS, Grundschutz und Co. zu sprechen
©
Friends Stock – stock.adobe.com

Advising services at eye-level

We are experts in the field of data protection management! Let us collectively find the best solutions for your organisation.

+49 (30) 33 00 888-0
sales@hiscout.com

Step-by-step to legally compliant data protection management

  1. Directory of the Processing Activities

    You describe all activities occurring in your organisation where personal data (PD) is processed, in the processing activities registry (VVT). The VVT is a mandatory data protection document which complies with GDPR (General Data Protection Regulation), and is the basis for all further activities when creating a data protection management system. It contains the following information:

    • Data protection officer and person responsible
    • Purpose and legal basis of processing
    • Type of data recorded and transmitted
    • Data flow with data origin and data recipient
    • Data-bearing documents, applications and systems,
    • Transferring data to non-EU countries
    • Assignment of legal retention periods
    • Authorisation groups
    • Technical and organizational measures
    • Other accompanying documents
  2. Privacy Impact Assessment (PIA)

    A protection impact assessment with threshold analysis shows whether a Privacy Impact Assessment (PIA) is required. The protection requirement assessment includes a detailed description of the processing, the processed data, the recognised risks and the selected risk-reduction measures. The remaining risks of the processing activity for those affected will be examined, in case a Privacy Impact Assessment (PIA) is required. The PIA in HiScout covers all important areas required by GDPR (General Data Protection Regulation) – the description of the processing activities, weighing the purpose of the processing as opposed to the intervention of the rights of those affected, and the assessment of the residual risks of those affected after the use of minimised measures. Finally, the data protection expert assesses whether the processing activity is still permissible.

  3. Deletion Concept

    The HiScout Data Protection module supports you in administering and carrying out the deletion procedure in accordance with GDPR (General Data Protection Regulation), and in recording the retention periods and legal basis. Existing deletion concepts and other accompanying documents can be embedded. The data stored in the processing directories are automatically prepared and are compiled into a report at the touch of a button in HiScout Version 3.1.2 and higher.

  4. Technical and Organisational Measures

    To ensure secure processing, all organisations which use personal data must define and document technical and organisational measures (TOMs) in accordance with GDPR (General Data Protection Regulation). HiScout allows you to select the measures from all catalogues stored in the program as well as your own measures maintained in other modules. You can then assign these to a processing activity, e.g., from the BSI Basic Protection Catalogue or various compliance guidelines, as well as from the standard data protection module.

  5. Order Processing Contracts

    An order processing contract must be concluded in case personal data is processed in a specific order. HiScout Data Protection offers the following options for mapping order processing conditions in HiScout Version 3.1.2 and higher:

    • Recording of the order processing conditions with the client and subcontractor
    • Assigned repository of the order processing contract
    • Issuing an extract from the VVT with assigned TOMS as proof for the person responsible on the client-side
    • Required notifications of deletions and changes for subordinated contractors
  6. Transfer Impact Assessment

    In order to comply with the new SCC (Standard Contractual Clauses) published by the EU Commission in 2021, a separate risk assessment must be carried out for data transfer to third countries. HiScout Data Protection supports you in carrying out the transfer impact assessment.

A data pool for basic protection, data protection and risk management

The HiScout Data Protection module can be extended to an integrated management system with a common database. A beautiful example of the interaction of the HiScout Basic Protection, HiScout Data Protection, HiScout ISM and HiScout BCM modules: the basic protector becomes active and surveys the processes as well as the required applications. The Emergency Manager is delighted with the collected data and uses it for the Business Impact Analysis. Meanwhile, in the directory of the processing activities, the data protector uses the currently maintained master data to record what data is processed by which application. The basic data protector can incorporate this information into its process analysis to assess the protection requirements.

HiScout technology can be upgraded and is future-proof

The HiScout GRC software is a browser-based multi-user application, which does not require any installation on the client-side. 100% of the development and support are carried out in Germany. The data model and user interfaces of the HiScout Platform can be upgraded and expanded at any time without requiring programming skills, in order to realize individual requirements of our clients. We are in regular dialog with our user groups and in stakeholder forums, and jointly align our development goals with practical needs and future requirements. HiScout Data Protection can be combined with other HiScout add-ons such as HiScout platform can be upgraded and expanded at any time without requiring programming skills, in order to realize individual requirements of our clients. We are in regular dialog with our user groups and in stakeholder forums, and jointly align our development goals with practical needs and future requirements. HiScout Data Protection can be combined with other HiScout add-ons such as HiScout QuestionnaireHiScout Business Logic EngineHiScout DataExchange and HiScout DocGen to include customised processes, questionnaires, workflows, reports and database connections.

Questionnaire

A smart add-on which saves you lots of time and work.

Discover Now!

Product Sheet

Find all essential information on the HiScout Basic Protection module here.

Request Now!

Synergies

A software for different management systems which saves time and effort.

Work more efficiently!
No cookies requiring consent are used on the HiScout website. By continuing to browse the site, you agree to the use of other cookies. Website visits are analysed anonymously and in compliance with data protection regulations using the web analysis tool Matomo. Further information can be found in our privacy policy.