This new tool supports entrepreneurs and start-ups to develop GDPR-compliance processing activities what involve strong innovative features and the use of new technologies.
Much in the same way as FACILITA – RGPD, FACILITA – EMPRENDE is a free, user friendly tool based on a series of guided questionnaires that enable categorization of the types of processing carried out by the company. At the end of this execution, a series of adapted documents are provided to be used as guidelines and support in order to comply with obligations provided by applicable regulations on data protections. Specifically, the following will be obtained:
pre-printed Records of Processing Activities (RAT);
the incident record form in order to comply with article 33.5 regarding the documents of security breaches that affect or may affect personal data;
a set of contractual clauses to be included in any contacts subscribed with providers and data processors;
a series of recommendations and guidelines in order to help you with the process of adaptation with regard to management of security breaches, assistance to the exercise of rights, recommendations on video surveillance, and specific instructions for the management of the risks associated to processing, as well as privacy strategies and security measures to be implemented.
A series of recommendations to prevent digital harassment.
However, unlike FACILITA – RGPD, and as a consequence of the types of processing usually associated to business models developed by the type of companies targeted by FACILITA - EMPRENDE, it is possible that the company is not in a low-risk scenario, for example, if the data controller provides users with a mobile app through which geolocation data are provided in order to showcase different services according to the location of the data subject. In such cases, it shall be necessary to tailor and complement any deliverable obtained by means of other resources and materials provided by the Agency and by the output of other types of tools such as GESTIONA – EIPD.
In any case, you must consider that this tool may be used only as support and that, therefore, obtaining the resulting documents does not imply by itself automatic compliance with the obligations provided by the relevant regulations. The controller and, where applicable, the processor, must carefully review the resulting documents to adapt and update them to the specific and precise situation of the proceeding conducted by the entity at all times.