At YourDataSafe™ we thought long and hard about how we pitch this fantastic data governance tool to users. We looked at other digital governance services on the market and the way they priced their product but didn’t like those structures.
YourDataSafe™ wants to be part of the culture change within organisations and help the data compliance teams, officers, or managers to promote best practice when it comes to data processing and reporting. We want organisations to expand their data governance team to the total number of employees they have. Every member of the organisation will become a data governance officer as part of their everyday role.
How do we do this? Well, it is easy: we give organisations the ability to give every member of their team an access login to YourDataSafe™. We have privilege-level access, so each member of the team will get the appropriate access to achieve what the organisation needs them to do. By law, data rights requests can be given to any member of your organisation, and by law they can be delivered in any format: in writing, verbally, or even on your social media account. How can a data controller take reasonable steps to mitigate against that?
Easy: give every member of the organisation access to YourDataSafe™. As soon as they receive the request, they log into their account and register the request in the appropriate section. This automatically makes the main data governance team aware of the request and provides them with the information the data subject gave to the member of the organisation who received it. This is an efficient method of mitigating the risk of missing a data rights request, which must be sitting on your risk register as at least a medium risk; you cannot put that too low.
The same goes for data incidents or breaches: as soon as the email is sent to the wrong person, the sender can log this on YourDataSafe™ as an incident. The data governance team can assess and investigate immediately.
YourDataSafe™ will improve efficiency with data reporting, increase data protection awareness and culture, and show total accountability for the data controller that they are taking data protection and people’s information security seriously.
How do you put a price on that?
We split the pricing structure into employee groups to represent a company size. Starting at Micro level, so 1 – 5 employees, then 6 – 14, 15 – 50, 51 – 100, 101 – 500, 501 – 750 and 750+. This step system starts with a £500 per year license fee, to a maximum of £9,000 per year.
We have also thought about Charities and the affordability of YourDataSafe™ for them. We strongly believe that funds donated or granted to a charity are mainly to be given to the cause they represent, with a minimal amount going towards the general running of the Charity. That is why we set a fixed license fee of £350 per year for any sized Charity. We know that there are some very large Charities, and we are willing to provide YourDataSafe™ to them all at this rate.
Now break that down to the cost of compliance. Let’s take a medium-sized organisation with 15 – 50 employees. The YourDataSafe™ license fee per year is £2000. That works out at £2.56 per week per employee for an organisation with 15 employees, or 76p per week for an organisation with 50 employees.
What do I get for my license fee?
With YourDataSafe™ we have already said we want to help your organisation develop or improve the data protection and compliance culture within your team, so you all get the same, regardless of license fee level. We structured our license fee by the number of employees, not on the service we will offer you. OK, there are some extras you can ‘bolt on’ to your license fee, but we will cover that in another blog.
So, what do I get?
- You will get a dashboard as your opening screen. The dashboard tells you in a ‘snapshot’ how your organisation is doing. It will tell you how many data incidents you have live and have had in total, and the same for data breaches. You will see all the Data Rights Requests that the organisation has running live or closed. There is a central risk traffic light system, telling you how many high, medium, and low risks you currently have in your organisation, plus a list of all DPIAs and a latest activity list.
There is also a data inventory ‘snapshot’ telling you how many activities are in each business department.
- A users tab, telling you exactly who has access to the system and at what privilege level. An Admin can change these levels.
- A master list. This is what separates YourDataSafe™ from the majority of the other digital governance offerings. You can populate your dropdowns in the whole system in addition to the ones we have provided for you. If you do not like the ones we have provided, you can simply delete them. It is your organisation; build YourDataSafe™ to suit it.
- A Full Data Inventory. Some know this as the ROPA. This is where again we differ. We have not relied on GDPR. If your business is in Jersey, and that is the country you selected for your main office when you filled in the company details, YourDataSafe™ will bring in the Jersey law Articles for your legal basis and conditions for processing. YourDataSafe™ is not a generic system. The same goes for Guernsey and the UK; for EU countries we use GDPR, and so on. YourDataSafe™ works with the data protection law you have to comply with.
- Data Rights Requests. This is where you log all your data rights requests. It is not just for Access requests, although an Access request automatically starts the count-down clock once identification has been verified. The other data rights requests do not have time-to-respond conditions, so why do you need a count-down clock?
- Data Breach and Incident logs. Recording these is so important. We have split the log into three: No Risk, where it is recorded as a data incident; Risk, where you are given the steps you need to follow; and High Risk, which adds in the requirement to contact Data Subjects, although we leave that in the Risk section as well, in case your organisation likes to let people know either way. The system works out the time-lapse between being aware, telling the DPO/M, and notification to the SA, so you know if you are within the 72 hours or not.
- DPIA. This is a 10-step process that handholds you through a DPIA. Step 7 is specifically for CCTV. We have the data subject consultation section, where you can upload pictures, maps, and documents. The first four steps are a screener for a full DPIA. YourDataSafe™ will tell you, depending on your answers, if you need a full DPIA, if you should seek guidance from your DPO/M, or if you should go straight to step 10 for approval.
- Data Risk Log. This is a list of all the High, Medium, and Low risks in the organisation, taken from the DPIAs and data inventory.
- Policy Library. You can upload your own policies to the YourDataSafe™ system, so all your team have access to them from your data governance platform.
- Data Retention Schedule. This is separated from your data inventory to make it easier to access the retention times for your data activities.
Wow! That’s a long list of goodies!! What more do you need from a centralised data governance system to manage your compliance needs?
All of this is at your fingertips, from anywhere!