Your business is likely to be impacted by GDPR compliance – can you handle it?


ServiceNow® as a tool is very well positioned to help solve the challenges of GDPR compliance, because it frequently has all the business services and locations the company operates in already defined and present. ServiceNow® is also a system of record and a workflow engine at its core, with built-in auditing. When you include the GRC module with its Compliance, Risk, Vendor Risk, Security Risk and Audit engine, you have the foundations of a best-in-class system to implement and run a GDPR capability.


The TESM, a DXC Technology Company, GDPR application has been built to help ServiceNow® customers meet the requirements set out in the GDPR regulation for their entire organisation, not just on the ServiceNow® platform.



An end-to-end solution, covering all areas of an installation.


Any business is likely to have personal data (PD) held across several areas of the organisation, not just the ServiceNow® instance. The TESM GDPR solution provides an end-to-end solution covering all areas of an installation, with the following capabilities:


We are very proud of this application and would love you to get in touch to find out more. Take a look on the ServiceNow® Store, or contact us using the form at the bottom of the page.



Michael Godec

Managing Director APAC - TESM, a DXC Technology Company

mgodec@dxc.com

Contact us if you would like more information on the TESM GDPR application.

The TESM GDPR application is also available from the ServiceNow® store



The GDPR app has the following key features:


1. Data Subject Requests

We provide a portal that allows internal and external users to submit requests to meet their data protection rights (right to access, right to object, right to rectification, etc.). These requests are tracked using SLAs to ensure they are completed within the required time frame. Each request can be configured to create tasks for system owners to provide data to complete the requests based on the associated processing activities.


2. Data Processing Impact Assessment

GDPR requires that any high-risk data processing undergoes a formal impact assessment to ensure the processing is appropriate and the organisational and physical security measures are proportionate. Our application allows users to request to perform new data processing. This creates a workflow that assesses the risk of the processing through questionnaires, which gather further information to drive a calculated risk assessment. Finally, it provides a formal approval of the processing. This ensures that all your processing has been appropriately reviewed. The results of the assessment are then linked back to the appropriate entries in your Risk Framework to ensure Article 35 is adhered to.


3. Record of Processing Activities

Each piece of personal data that is processed must be documented via a Record of Processing Activity (ROPA). The tool provides a mechanism to record this that captures all the relevant information to meet Article 30. A description of the processing is then enriched by associating the data category, relevant data processors (internal and external), controllers and recipients. The purpose is also categorised for easier communication with recipients and firm-wide reporting. The legal basis for the processing is also documented. Each piece of personal data is classified and can be mapped to a business system or application via your configuration data. This ensures that data breaches can be effectively managed. The security measures enforced during the processing are also documented, e.g. anonymised, encrypted. If data is transferred to recipients outside the EU, you can also document where it is being sent and what protection is in place through equivalency statements, model clauses or corporate binding rules. Retention schedules can also be defined against the data assets that are being processed, to ensure data is kept for an appropriate period.


4. Data Breaches

To allow you to quickly and efficiently manage data breach reporting, we have provided a capability to log data breaches. This allows you to capture associated incidents and the relevant record of processing statements, so you understand what data could have gone missing and who might be impacted. Each breach can also track tasks to manage and mitigate the breach within the 72-hour SLA. This allows you to meet your data breach obligations with the ICO. These breaches can also be linked to your operational risks within your organisation to enable them to be managed and quantified.


5. Consent

One of the lawful bases for processing is consent. This is widely regarded as one of the hardest to implement properly, due to the complexity of requesting and maintaining those consent records. Our application provides you with a repository that can store all of the consent records from any system with their current state and can trigger renewals before they expire. This ensures you know who has consented to what processing and that it is current. The table can be programmatically updated by systems like Salesforce, Campaign Monitor, etc.


6. Security Model

Access to the application is modelled on the roles defined in the regulation so you can assign permissions to your Data Processing Officer, controllers, representatives, processors and subjects.


7. PDF Export

The ICO has the authority to ask for your record of processing statements and the associated impact assessments. Our application allows you to easily consolidate and export this information into a PDF, so you can provide it quickly without having to resort to spreadsheet manipulation.


8. Audit Log

ServiceNow® has very good native auditing capabilities that track changes to each and every field within our application. However, the data is not very consumable. We provide a more human-readable audit log of activities that can be provided to the regulatory authorities on request, making it easier to understand what element of your data processing has changed across your DPIA, DSAR, ROPA and Consent data.


9. Deployment

The application is deployed via the ServiceNow® store, and regular updates and improvements will be provided according to our product release schedule and the changes in the GDPR landscape. A professional services engagement from TESM can also be provided to implement the application and to configure and import customer data to get you up and running as quickly as possible.


10. Pre-requisites

To be installed, the application requires you to be running a supported version of ServiceNow® with access to the store. The application requires the GRC and Performance Analytics modules to be installed to get the full benefit; however, parts of it can be used without these in place.

