Getting GDPR-ready with PORT is quick and simple.
1. Connect your personal data to PORT
First thing’s first, you will need to get the personal data that you use into PORT. That way we can begin building a picture of the personal data that you hold, how you use it and who you share it with.
There are a number of different ways to connect your personal data to PORT. You can:
a) Use one of our pre-built integrations:
We have built (and are continuing to build) a series of integrations with commonly-used services such as MailChimp. All you need to do is authenticate your relevant account and our systems will be in sync.
b). Connect a service via API:
You can also connect anything you like via our API all you need is a good developer and a couple of days.
c). Connect any data with a CSV or Excel upload:
Got data sitting on spreadsheets or in systems that aren’t connected? No problem.
You can pull data from any system into a spreadsheet, make sure it is either a CSV or Excel format and then plug it straight into PORT.
d). Connect an SQL database:
Got data sitting on an SQL database? No problem.
All you need to do is provide some details about your SQL database, write the appropriate SQL query and then plug the data straight into PORT
2. Map your data
Next you need to identify who you share personal data with using our data mapping tool. This could be anyone or anything from software you use to deliver emails, a marketing agency you work with, or even your accountant.
We will start you off by scanning your website and identifying some of the tools that you use that might hold personal data.
Then you’ll need to source the tools and businesses that we weren’t able to identify from your website. This might require some thinking and research on your part, especially if you’re part of a larger organisation - but understanding (and controlling) where and with whom you share personal data is essential for good personal data management and being GDPR-ready.
The good news is our database of systems and businesses will help you automatically identify the basis on which data is transferred abroad, and if any of the systems or businesses you work with are based outside the EU.
3. Create data agreements and assign them to the right individuals
One of the most crucial steps is to define exactly how you use personal data. We do this by creating data agreements which capture everything from how long you keep data to what legal basis it is held under.
These data agreements will serve firstly as your record of processing. And when you align them to the right individuals you will have a full and comprehensive picture of each individuals’ personal data and how it is being treated.
For each data agreement you will need to be able to provide the following information:
- The purpose of using the personal data
- The legal basis on which that data is held
- The period of time that data is kept for
- Who it is shared with
- Whether the data will leave the EU
- Whether the data is subject to automated decision making
To give an example, imagine an ecommerce business that sells socks. At a basic level they would be using personal data for two main reasons. To sell you socks and deliver them to your house, and to market to you to get you to buy some more socks. This company would create two data agreements to capture how it uses personal data; one for marketing and one for selling socks.
4. Set up your portal and request settings
Once those first three steps are completed, we have a full picture of how you use personal data. This means we can open up lines of communication with the people whose personal data you manage.
Setting up the portal is simple, you can brand a sub-domain for people to gain access to their data and then use the unique invite links that we’ve automatically created for everyone you’ve imported into PORT to give individuals access to the data that you hold on them and show them exactly what you’re doing with it.
From their portal accounts they can exercise their rights over their data. You can then define how you would like to deal with these and assign who should be notified.
5. Access our optional features
You can then set up any of the optional features that you think your business needs.
Set the branding and amend the standard wording to our data receipts and you can automatically notify new users when they give you their information.
6. Claim your badge and stay in control
Once you’ve set things up you can claim your GDPR-ready badge to demonstrate that you take privacy seriously.
Finally, it’s important to remember that GDPR is not a one-off tick box exercise and something that you should be paying attention to continually. PORT provides you with the tools you need to stay compliant.