Rumya GDPR/FADP

Ensuring compliance with GDPR/FADP

Designed by data protection and IT security specialists, Rumya GDPR is a software that offers a concrete response to companies subject to data protection regulations. It is easy to implement, offers a very pragmatic approach and provides your company with efficient day-to-day support.

With 3 complementary modules, it is easy to simplify your compliance!

Would you like to test our product or have a demonstration?

Contact us

The GDPR - General Data Protection Regulation

The European Union regulation (EU 2016/679) which entered into force on 25 May 2018 aims to:

  • • Define the rules regarding the protection of personal data of individuals with respect to the processing of the data and the rules regarding the free movement of such data.
  • • Protect the fundamental rights and freedoms of individuals.
  • • Ensure the free flow of personal data within the European Union and the relevant countries.

Gestion des registres d'activités de traitement

Rumya RGPD / LPD vous assiste dans la création de votre registre d’activités de traitement à travers une utilisation simple et fluide se concentrant principalement sur la documentation des processus métier de l’entreprise.

Spécifiquement adaptée aux réglementations nationales, cantonales et régionales, l’application intègre des référentiels contenant des modèles de fiches de traitement, des rapports documentaires et un paramétrage complet selon les attentes des autorités relatives à la situation de l’entreprise.

Le registre d'activités de traitement est

l’élément fondamental de la stratégie de protection des données. L’obligation de tenir un registre d’activités de traitement est différente selon la législation à laquelle l’organisation est liée.
Sous le RGPD, tout organisme a l’obligation de tenir un registre des traitements. Les entreprises de moins de 250 salariés bénéficient d’une dérogation et ont seulement l’obligation d’inscrire au registre les traitements suivants :
  • les traitements non occasionnels,
  • les traitements susceptibles de comporter un risque pour les droits et libertés des personnes,
  • les traitements qui portent sur des données sensibles.
Sous la LPD, toute entreprise employant moins de 250 collaborateurs et présentant un risque limité pour la personnalité des personnes concernées est exemptée de la tenue d’un registre, charge à l’entreprise de démontrer le caractère limité du risque.
fact_check

Descriptif des traitements

Saisie en toute simplicité des activités de traitement selon les attentes des autorités de contrôle.

model_training

Référentiel de modèles et recommandations

Base de données de traitements types, de listes pré-alimentées et de modèles de documents fournis en standard dans tous nos abonnements.

warning

Détection des anomalies et points d’attention.

Analyse en temps réel des incohérences ou manques dans la documentation de l’entreprise.

crisis_alert

Suivi des analyses d’impact

Assistance à réalisation des évaluations d’impact et suivi complet de la réalisation des analyses d’impact.

import_contacts

Annuaire des intervenants sur les traitements et liste des applications

Listes transversales de tous les contacts, entreprises et applications liés aux traitements. Mesure des impacts de ces collaborations en quelques clics.

contact_page

Gestion des formations des collaborateurs

Consolidation en un seul lieu des formations suivies par les collaborateurs dans le cadre de la protection des données et de la sécurité de l’information.

picture_as_pdf

Publipostage

Génération des documents de travail ou de conformité directement aux formats Word et PDF.

account_tree

Solution groupe

Référentiel interne, duplication de traitements ou d’entités, gestion des équipes et attribution précise des droits et des rôles.

Managing individuals’ rights

Rumya GDPR/FADP offers you a tool that makes it easier to manage individuals’ data protection rights.

Specifically created to manage requests according to the principles of privacy by design, the application handles the entire process: from collecting the request to returning the information in a secure extranet via the standardised and traced processing of the request.

Individuals concerned have the following rights:

  1. The right to information
  2. The right to access their personal data
  3. The right to modify their personal data
  4. The right to have their personal data deleted (or the right to be forgotten)
  5. The right to restrict how their personal data is processed
  6. The right to data portability
  7. The right to object to their personal data being processed in certain circumstances
  8. The right to be given an explanation regarding any decision made pertaining to automation or profiling
assignment

Application forms

Automated creation and online publication of forms dedicated to the persons concerned

supervised_user_circle

Assistance in processing applications

Providing users step-by-step support in the response process

open_in_browser

Collection of personal data

Manual or automated import to collect the information to be communicated to data subjects

settings_input_hdmi

Customised connectors (API)

Personal data collection

screen_lock_landscape

Secure extranet

Secure area for data subjects to access their information

storage

Dashboard

Interface to quickly view the status of applications

assignment_turned_in

Archiving centre for completed applications

Recording and classification of requests and responses according to legal principles

picture_as_pdf

Documentation centre

Documentary database to store all compliance-related files

account_balance

Specific access for the Data Protection Officer

Management space, dashboard and multi-company settings

domain

Multiforms

Integration of multiple forms by sector, industry, entity, etc.

notifications_active

Notifications and tasks

Automatic reminders and task management between users

contact_phone

Non-form applications

Receipt and processing of requests received by email, telephone, etc.

group

Management of user rights

Personal, secure and controlled access to application processing

assessment

Statistics

Visual reporting of application volumes and processing times

Management of data breaches

Rumya GDPR/FADP supports companies if their data is breached.

The application aims to describe and document the breaches according to legal principles. It guides the company in its decisions according to the type of breach and enables it to act accordingly by transmitting information to the persons concerned and to the supervisory authorities.

Personal data breaches

Any organisation that processes personal data must have measures in place to:
  • prevent breaches,
  • document any breaches,
  • notify the supervisory authority,
  • communicate the breach to the persons concerned.
list_alt

Description of the notification

Form for recording breach-related information according to the recommendations of the supervisory authorities

history

Entering the chronology of breach

Details of the discovery and management of the breach

ballot

Presentation of the measures in place

Description of the measures in place prior to the breach and the consequences for those affected

today

Action planning

Description of future actions and measures to be implemented to address the breach

supervisor_account

Collaborative space for crisis management

Discussion forum and secure data room for crisis management coordination between stakeholders

assignment_ind

Automated reporting to data subjects

Email or direct mail notification of the breach and follow-up of the statements

account_balance

Automated reporting to the supervisory authority

Sending the notification to the supervisory authority according to the reporting methods in force (electronically, Excel file, email)

dynamic_feed

Versioning and historization according to legal principles

Saving and archiving each version of the notification, comments and changes made

Consent management

Rumya GDRP/FADP aims to manage all information related to the consents of individuals, whether they are customers, employees, or otherwise.

This processing of information extends from the collection of consent, in all its forms, to its withdrawal or deletion and also manages versions of contractual clauses.

Consent

Defined as "any freely given, specific, informed and unambiguous indication of a data subject’s wishes by which they signify their agreement, through a declaration or a clear positive act, to have their personal data processed.
Special attention should be paid to the following points:
  • allowing for the right of withdrawal,
  • making it possible to prove consent,
  • managing the consent of minors,
  • special case of explicit consent.
autorenew

Management of the consent life cycle

Consultation of consent status and management of the versions of associated documents

contact_mail

Collection of consent

Multi-channel consent request and collection via form, email, SMS or dedicated API

policy

Traceability and guarantee of inalterability

Historization of consents using algorithms and chain signatures

child_friendly

Management of parental consent

Integration of the particularities related to the consent of minors and management of the transition to legal age

assignment

Managing explicit consent

Integration of handwritten signatures where necessary

remove_circle

Withdrawal of consent

Timestamp of withdrawal and visualisation of impacts on processing activities

settings_input_hdmi

Connectors and PLCs

Tailor-made integration of consents into the company's IT ecosystem

Noteworthy information

https

Data encryption

Transversal securing of exchanges and data

settings

Fully customisable

Customisation of request and response forms according to the particularities of a company

verified_user

Data historization

Archiving of requests and responses according to legal principles

delete_sweep

Automated cleaning

Automatic procedure for destroying access and information

remove_from_queue

White mark

Possibility of customising the software to your own colours

g_translate

Multilingual

Forms and management interfaces available in several languages