The DPE Knowledge Bank
Our Knowledge Bank is more than a repository of content. It is a suite of content, tools and resources to support and document your compliance.
All the tools support a self-service approach where your team and appointed DPO manage your organisation. Where Data Protection Education is your DPO, then we use the Knowledge Bank for monitoring and verification of your data protection programme.
All the tools and content support the delivery of the DPE Framework so that you can be confident that you have the means to develop and document your compliance whilst measuring progress along the way.
The Knowledge Bank is available as a standalone platform or available as part of our DPO package (though it is not included with our GDPRiS customers). We can support your data protection lead or DPO on the Knowledge Bank, or it can be completely self-contained and managed by your designated DPO or staff member.
Dashboard
The Dashboard is the first screen you see when you login, giving you a colour-coded summary of the status available tools including support tickets; SAR, breach, FOI logs; record of processing, training records, compliance manager activity and more.
The dashboard has different options for different roles.
System Managers and Administrators see all the consolidated data for all organisations they are assigned to (e.g within a trust), with the ability to drill down into each organisation and to view/manage the detail within each of the tools.
Trustee user-types can see the dashboard-level data for the top level organisation and select an individual organisation, but cannot enter any specific data held within the tools.
The Dashboard and each area of the Knowledge Bank is supported by a video walkthrough and documentation.
We also ensure you are fully supported with our consultants who will give you support each step of the way.
Best Practice Library
The best practice library is the section of the Knowledge Bank where you will find contextualised guidance, documents and resources on specific areas of data processing.
All users - admin, manager and staff users can access the best practice library
Each best practice library content section is accompanied by a rag-rated checklist so that you can monitor the progress of implementation.
The checklists have a summary page, useful for reporting purposes and stats are reported on the dashboard page.
Logs
We have logs for managing the rights of data subjects, data breaches and freedom of information requests.
They are for organisational managers to log issues in order that the DPO can monitor and assist with the process, ensuring that the outcome is compliance and that there is a documented audit trail.
They record all the relevant activity and guidance in relation to each issue and automatically send notifications to key actors to ensure adherence with key timeframes.
The logs are visible to site administrators and managers.
Staff users, unless assigned special access cannot see the logs.
Trustee users can see the summary statistics on the dashboard, but are not able to view any of the detail.
Compliance Manager
The Compliance Manager is a tool that allows you to assign documents to staff and get a confirmation when the document had been marked by the user as "read and understood" or additionally, you can request that the user adds an additional statement on how the document has been used in practice.
Neither response is available until the user has reached the bottom of the assigned document and actions are accompanied by timestamps, including how long the document has been open.
Documents in the Compliance Manager can be assigned by administrators and managers, but can be assigned to any user on the Knowledge Bank.
Any regular office document can be assigned.
File types supported are: pdf, doc, docx, ppt, pptx, xlsx, xls
Record of Processing
The RoP is the tool to document all your obligations under GDPR Article 30 "Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility."
Our RoP tool goes beyond that, with additional capability and functionality to ensure that you can use this data to monitor and assess these processes for their efficiency as well as data protection compliance.
We appreciate that completing the RoP can be daunting - that's why we have a list of generic processes that we provide and work with you as DPO to adopt and adapt these processes to you organisation.
The RoP is for administrators and managers, though special access can be defined for individual staff users.
Multiple separate risks can be documented and mitigations attached to each data flow within the process, with risk reports produced.
Additionally, we also use the tool for data protection impact assessments, to assess and monitor risk in proposed new systems. Once your system goes live, all you need to do is change the status.
A process can have multiple connected steps and using our data flow tab on the RoP these can all be documented, with details about the systems, location and security of the data at each step. Using the risks tab - these can be mapped against specific risks during each step.
A long list of steps during a process is difficult to grasp, and we believe that whilst detail is important, a picture speaks a thousand words. So each process comes with a visualisation of the data flows with key security risks highlighted.
If people are often assumed to be the biggest risk, then we believe that we should ensure that the people involved in a process have the requisite proficiencies in order to perform their tasks within that process.
The RoP allows you to map staff roles against each process and the required proficiency from the DPE Data Protection Skills Framework. Our reports then give you a report of skills required by that role in all the processes in which they are involved.
Coming soon, we will be automating these reports so that users can be mapped to their job role and have personalised assessments and training available on the Knowledge Bank, based on their skills requirement profile.
The RoP can be complex and technical, especially on the legal requirements. As DPO we help you document these on the RoP including:
- Lawful basis of processing
- Rights of data subjects
- Adherence to data protection principles
- International data transfers
- Retention
There's a lot of data in the RoP and we don't just want it because it's a compliance requirement.
Let's use the data to save time, inform and make data-driven decisions.
Firstly, let's automate the production of privacy notices and retention schedules that are unique to the processing that you do.
Then let's produce risk reports highlighting the priority areas that need attention, comparing to organisations that do the same process - but better.
Let's use the information we collect on software and hardware resources to feedback into procurement decisions
Data in spreadsheets doesn't get used. Using the tools in the RoP allow you to benefit from improvements to how you work, well beyond the compliance requirement.
Learning Management
In addition to offline powerpoints and other resources, the main learning resources are found in the "My Courses" section of the Knowledge Bank.
These allow users to self-enrol and take a wide range of GDPR and information security courses, some of which are bite-sized 5-10 minute modules to ensure that training can be done regularly, but without becoming too onerous.
Training is available for everyone using the Kwoledge Bank and resources are available for those staff who may not be able to access online training, for example some facilities or lunchtime staff.
Administrators and managers have full access to reporting to see progress and completion through courses.
Available reports show enrolment status, completion status, pass marks and time spent.
Each course comes with a certificate of completion.
Thought leadership
Our thought leadership programme informs what we do.
We have enabled two members of our team to gain Master of Law degrees, specialising in data protection. Research elements within this have focussed on areas where we can pass on our knowledge to you.
Not only do we do this in our news items, but we share all our knowledge throughout our team and to our customers through our best practice content and importantly, in our responses to your issues.
We have regular public webinars and others for our DPO customers covering a wide range to topics from using the Knowledge Bank tool effectively, through to data protection issues of the day.
Contact us today with any questions or for a
Free Consultation
Call us with any questions
0800 0862018
or email us on
info@dataprotection.education