What you put in...
There is no silver bullet for managing data and GDPR compliance but APIMS automates up to 90% of the activities you would otherwise have to do manually with spreadsheets, meetings, reports, etc.
It's like when you first started to use accounting software. It was probably a bit confusing and hard work at first, but can you imagine coping without it now and returning to spreadsheets and manual VAT returns?
Administrator Set-up should take under an hour. You will answer a few questions about your organisation and you will assign each department or function, e.g. HR, Finance, to the appropriate people. You can edit APIMS to use your own terminology and titles.
Set-up of their departments should take 20-30 minutes each. They will answer a few questions about the IT systems and services used by their department and assign a Process Coordinator for each of their processes.
Try to complete these first two levels of Set-up in the first week. If you do need to chase any of them, you can point out that they are accountable to the Board/SLT for everything that happens to personal information in their department, so it's in their interests to get the visibility and control that APIMS will give them!
For the third (final) level of set-up, the people assigned as "Process Coordinators" should set aside 45 minutes to an hour for each process assigned to them. They will get quicker if they have several to do.
Your Administrator Dashboard will show you the Set-up status of each level - you should monitor this and may need to do some chasing to complete APIMS Set-up in time to see the benefits before the free trial ends.
And those benefits are significant.
Simply by completing Set-up, you will have built the foundations for managing compliance and cybersecurity risks for years to come.
But they are only the foundations and there are bound to be a few gaps and errors. So, over the coming months and years, APIMS will set a series of small, 'bite-size' Tasks for individuals to review, fill gaps, correct errors and, of course, to take action to address new risks when they are identified and reported by APIMS.
Accountability never stops but, with APIMS, it should soon become second nature for your people and 'business as usual' for your organisation!
... and what you get out
By the end of the trial (if Set-up is complete), you will have:
- A detailed Record of Processing Activities ('ROPA')
- An accountability framework
- A GDPR Compliance Gap Analysis Report
- A documented Action Plan with owners and due dates
- An online Track & Report tool to monitor progress
- Alerts when DPIAs* are required and an online DPIA tool
... and more
- Leadership and each user can view their area of responsibility
- See an overview of risk levels and compliance at a glance...
- ... or drill down to view details in a couple of clicks
- View Risk levels and Control Status in real time
- Log Incidents/Breaches and Data Subject Requests