Rumya GDPR/FADP

Ensuring compliance with GDPR/FADP

Designed by data protection and IT security specialists, Rumya GDPR is a software that offers a concrete response to companies subject to data protection regulations. It is easy to implement, offers a very pragmatic approach and provides your company with efficient day-to-day support.

With 3 complementary modules, it is easy to simplify your compliance!

Would you like to test our product or have a demonstration?

Contact us

The GDPR - General Data Protection Regulation

The European Union regulation (EU 2016/679) which entered into force on 25 May 2018 aims to:

  • • Define the rules regarding the protection of personal data of individuals with respect to the processing of the data and the rules regarding the free movement of such data.
  • • Protect the fundamental rights and freedoms of individuals.
  • • Ensure the free flow of personal data within the European Union and the relevant countries.

Management of Record of Processing Activities

Rumya GDPR / DPA assists you in the creation of your Record of Processing Activities through a simple and fluid user interface, focusing primarily on the documentation of your company's business processes.

Specifically adapted to national, cantonal and regional regulations, the application integrates repositories containing treatment sheet templates, documentary reports and complete parameterization following the expectations of the authorities operating in the company's location.

The Record of Processing Activities is

the fundamental element of the data protection strategy. The obligation to keep a Record of Processing Activities differs according to the legislation to which the organization is bound.
Under the GDPR, every organization is obliged to keep a Record of Processing Activities. Companies with fewer than 250 employees benefit from a derogation and are only required to enter the following processing operations in the record :
  • Non-occasional processing,
  • processing likely to involve a risk to the rights and freedoms of individuals,
  • processing of sensitive data.
Under the DPA, any company employing fewer than 250 employees and presenting a limited risk to the personal data of the persons concerned is exempt from keeping a record, with the responsibility on the company to demonstrate the limited nature of the risk.
fact_check

Process description

Simple recording of processing activities in line with the expectations of supervisory authorities.

model_training

Model repository and recommendations

Database of standard processing, pre-populated lists and document templates supplied as standard with all our subscriptions.

warning

Detection of anomalies and points of attention.

Real-time analysis of inconsistencies or gaps in company documentation.

crisis_alert

Impact analysis follow-up

Assistance in carrying out impact assessments and full monitoring of impact analysis.

import_contacts

Directory of processing providers and list of applications

Cross-disciplinary lists of all contacts, companies and applications involved in processing. Measure the impact of these collaborations in just a few clicks.

contact_page

Employee training management

Consolidation in a single location of training courses for employees in data protection and information security.

picture_as_pdf

Direct mail

Generate working or compliance documents directly in Word and PDF formats.

account_tree

Group solution

Internal repository, duplication of processes or entities, team management and precise assignment of rights and roles.

Managing individuals’ rights

Rumya GDPR/FADP offers you a tool that makes it easier to manage individuals’ data protection rights.

Specifically created to manage requests according to the principles of privacy by design, the application handles the entire process: from collecting the request to returning the information in a secure extranet via the standardised and traced processing of the request.

Individuals concerned have the following rights:

  1. The right to information
  2. The right to access their personal data
  3. The right to modify their personal data
  4. The right to have their personal data deleted (or the right to be forgotten)
  5. The right to restrict how their personal data is processed
  6. The right to data portability
  7. The right to object to their personal data being processed in certain circumstances
  8. The right to be given an explanation regarding any decision made pertaining to automation or profiling
assignment

Application forms

Automated creation and online publication of forms dedicated to the persons concerned

supervised_user_circle

Assistance in processing applications

Providing users step-by-step support in the response process

open_in_browser

Collection of personal data

Manual or automated import to collect the information to be communicated to data subjects

settings_input_hdmi

Customised connectors (API)

Personal data collection

screen_lock_landscape

Secure extranet

Secure area for data subjects to access their information

storage

Dashboard

Interface to quickly view the status of applications

assignment_turned_in

Archiving centre for completed applications

Recording and classification of requests and responses according to legal principles

picture_as_pdf

Documentation centre

Documentary database to store all compliance-related files

account_balance

Specific access for the Data Protection Officer

Management space, dashboard and multi-company settings

domain

Multiforms

Integration of multiple forms by sector, industry, entity, etc.

notifications_active

Notifications and tasks

Automatic reminders and task management between users

contact_phone

Non-form applications

Receipt and processing of requests received by email, telephone, etc.

group

Management of user rights

Personal, secure and controlled access to application processing

assessment

Statistics

Visual reporting of application volumes and processing times

Management of data breaches

Rumya GDPR/FADP supports companies if their data is breached.

The application aims to describe and document the breaches according to legal principles. It guides the company in its decisions according to the type of breach and enables it to act accordingly by transmitting information to the persons concerned and to the supervisory authorities.

Personal data breaches

Any organisation that processes personal data must have measures in place to:
  • prevent breaches,
  • document any breaches,
  • notify the supervisory authority,
  • communicate the breach to the persons concerned.
list_alt

Description of the notification

Form for recording breach-related information according to the recommendations of the supervisory authorities

history

Entering the chronology of breach

Details of the discovery and management of the breach

ballot

Presentation of the measures in place

Description of the measures in place prior to the breach and the consequences for those affected

today

Action planning

Description of future actions and measures to be implemented to address the breach

supervisor_account

Collaborative space for crisis management

Discussion forum and secure data room for crisis management coordination between stakeholders

assignment_ind

Automated reporting to data subjects

Email or direct mail notification of the breach and follow-up of the statements

account_balance

Automated reporting to the supervisory authority

Sending the notification to the supervisory authority according to the reporting methods in force (electronically, Excel file, email)

dynamic_feed

Versioning and historization according to legal principles

Saving and archiving each version of the notification, comments and changes made

Consent management

Rumya GDRP/FADP aims to manage all information related to the consents of individuals, whether they are customers, employees, or otherwise.

This processing of information extends from the collection of consent, in all its forms, to its withdrawal or deletion and also manages versions of contractual clauses.

Consent

Defined as "any freely given, specific, informed and unambiguous indication of a data subject’s wishes by which they signify their agreement, through a declaration or a clear positive act, to have their personal data processed.
Special attention should be paid to the following points:
  • allowing for the right of withdrawal,
  • making it possible to prove consent,
  • managing the consent of minors,
  • special case of explicit consent.
autorenew

Management of the consent life cycle

Consultation of consent status and management of the versions of associated documents

contact_mail

Collection of consent

Multi-channel consent request and collection via form, email, SMS or dedicated API

policy

Traceability and guarantee of inalterability

Historization of consents using algorithms and chain signatures

child_friendly

Management of parental consent

Integration of the particularities related to the consent of minors and management of the transition to legal age

assignment

Managing explicit consent

Integration of handwritten signatures where necessary

remove_circle

Withdrawal of consent

Timestamp of withdrawal and visualisation of impacts on processing activities

settings_input_hdmi

Connectors and PLCs

Tailor-made integration of consents into the company's IT ecosystem

Noteworthy information

https

Data encryption

Transversal securing of exchanges and data

settings

Fully customisable

Customisation of request and response forms according to the particularities of a company

verified_user

Data historization

Archiving of requests and responses according to legal principles

delete_sweep

Automated cleaning

Automatic procedure for destroying access and information

remove_from_queue

White mark

Possibility of customising the software to your own colours

g_translate

Multilingual

Forms and management interfaces available in several languages