PL EN DE
Best practices for IT service management

The dedicated SNP service organization ensures the quality and continuity of handling of all outsourcing contracts. Our work is based on ISO 20000, ISO 27001, PCoE (SAP Partner Center of Expertise) standards.

SNP Poland is the leader of SAP services market in Poland.
For 25 years (until 2017 - as BCC) we have been providing a full range of implementation, development and maintenance of SAP systems. We provide IT security and software development services.

We are a part of SNP Group - a leading global provider of solutions for transformation of SAP environments .

Since 1995 we have successfully accomplished hundreds of IT project in many countries worldwide.

Our experts present the most interesting solutions of IT world.

See the webinar archive, register for upcoming webinars.

See upcoming webinars:

    No results

Dlaczego uważamy, że SNP jest dobrym pracodawcą? Bo łączymy cechy rzadko spotykane w jednej organizacji - duże możliwości rozwoju, a zarazem dobrą atmosferę i elastyczność środowiska pracy. Dowiedz się więcej, na czym to polega w praktyce!

SNP GDPR Manager not only for the Data Protection Officer

Bringing GDPR under control

Share
Print:
SNP GDPR Manager – is a comprehensive work environment that helps maintain the standards of GDPR on a daily basis. This specific tool supports the daily duties of DPO (Personal Data Protection Officer), but also helps manage and control all GDPR-related issues in the organization.
 

While preparing to meet GDPR requirements the companies and organizations have started to review their processes and procedures to check, if they are compliant with the requirements. Many of them must have realized there are areas in their business where documentation or process knowledge is missing and they don’t have full control over the data processing activities. Seem like implementation of the GDPR assumptions is an excellent moment to organize these areas, however the question is whether we have the right tools and people in place who could bring order to this documentation? SNP has prepared a tool that can support data protection officers in their daily work.

Integration of processes and documentation

SNP GDPR Manager creates a comprehensive work environment for the DPO, supports the management of personal data of all types (including data of employees, customers, recipients of marketing information, suppliers and others), enables effective management of access to personal data with regard to the required documentation and helps improve personal data protection processes on a continuous basis.

Features and capabilities of SNP GDPR Manager:

  • maintaining records of processing activities,
  • keeping a register of powers of attorney and authorizations together with detailed reporting,
  • automatic generation of documents, e.g. powers of attorney and authorizations for employees,
  • checking and verifying agreements with counterparties, including recording all actions in the document flow process,
  • designing and carrying out a risk analysis process for individual processing activities, including the comparability of data over time,
  • planning training programs.

SNP GDPR Manager is a ready-to-use application, available in the cloud (SaaS) or as an on-premise installation.

Role of the Data Protection Inspector (DPO)

Along with a panel for managing registers and requests, the DPO receives access to a dashboard that presents key parameters of the GDPR processes and is useful for reporting progress related to risk reduction, continuous improvement, or simply tracking the number of notifications coming to the organization, like information requests or demand for personal data removal.

To be able to define key system parameters, you must first feed the tool with data. Over time, the panel will allow you to analyze this data. The development potential of this tool depends mainly on the activity of the Data Protection Officer.

The panel enables you to define subpages. The home page provides access to the necessary links and key parameters of the GDPR processes.

Risk analysis

The distinguishing feature of SNP GDPR Manager is its ability to track “grey zones” of our organizations by conducting a periodical risk analysis. A risk is the possibility of an event occurring that will have a negative impact on the security of personal data during its processing. Therefore, the analysis requires a subjective impact assessment, based on the information gathered about the current state of implemented safeguards. The cyclical analysis will allow the organization to track progress towards risk reduction.

The analysis consists in assigning the following attribute values to each personal data processing activity defined in the processing record:

  • List of threats (e.g. unauthorized access, communication channel disruptions, damage to a workstation).
  • Vulnerabilities (hardware failure, employee, communication channel)
  • CIA (Confidentiality, Integrity and Availability)

Then, the risk is assessed as a value resulting from the product of the set values (in the case of the GDPR, it may be the cost of any claims in respect of penalties for negligence regarding personal data) and the likelihood of a threat. After analyzing the existing safeguards, you can determine the residual risk. Existing safeguards should reduce the primary risk to zero. If this is not the case, DPO can think of a remedial plans that will eliminate it.

The GDPR panel allows you to view and compare the risk analyses carried out. The interactive presentation of data on the chart makes it easy to follow the changes and work progress to reduce the risk.

As the operations of processing and the risks associated with it change over time each analysis is recorded as a separate report illustrating the current state of our business. This is influenced by the status of work related to the implementation of security measures, whether through processing policies or physical and technical safeguards. Therefore, SNP GDPR Manager may prove to be a valuable tool that will help in reporting expenses incurred by the organization and assessing their effectiveness as well as planning expenses related to the implementation of subsequent security measures. Remedial plans tracked at SNP GDPR Manager can be associated not only with the risk, but also with possible incidents of loss, distortion or exposing of personal data. After the occurrence of an event and describing its circumstances, we can choose a remedial plan that will mitigate its impact in the future or eliminate subsequent events.

Continuous development

The concept of the GDPR is the transition to an open security model that assumes continuous development and improvement of these processes. Therefore, SNP GDPR Manager is more a framework for handling the GDPR than a closed tool. The ECM engine used as a base for building this tool enables us to easily modify this model and, consequently, follow the business needs. In addition to the definition of the personal data processing activities, some of these data collections can be physically stored in the ECM archive itself, in electronic form (employee files, contracts, applications, etc.).

A directory structure that maps the GDPR framework. In the “Templates” directory, you can store any documents, e.g. contract templates after outsourcing the processing of personal data.

Handling of requests for verification, change or deletion of personal data along with letters or e-mails sent to the organization – GDPR Manager can register and archive documents in a single application.

Since the GDPR directive forces organizations to create its own personal data processing definitions and models, SNP GDPR Manager mainly focuses on processes and defining their key parameters. Lack of these definitions in our organization is what we call “Gray Zones”. It is worth taking the time to define them, because all the conclusions that we will draw from these activities will contribute to improving the quality of services. Let us take advantage of this opportunity.

Rafał Grześkowiak, IT Project Team Leader, SNP Poland

SNP Poland uses GDPR Manager
In accordance with the GDPR guidelines, SNP Poland has implemented the SNP GDPR Manager solution for its own needs. The new tool enables us to support our Data Protection Officer in keeping records of processing activities, handling requests and incidents and planning training cycles in the field of Personal Data Protection. It also helps us facilitate communication with counterparties within the processes of giving consent to personal data processing by SNP Poland as part of our services.
Rafał Grześkowiak, IT Project Team Leader, SNP Poland

Lepszy Biznes

magazyn klientów SNP

Przejdź do bazy artykułów
Share
Print:

Case studies

Whitepapers

Contact form





  1. Personal data is processed pursuant to Article 6 (1) (a) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 – the General Data Protection Regulation
  2. The data controller is SNP Poland Sp. z o.o. with its registered office in Złotniki, ul. Krzemowa 1 62-002 Suchy Las. Contact data of the Data Protection Supervisor: dpo.pl@snpgroup.com.
  3. Consent to data processing is voluntary, but necessary for contact. Consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
  4. The data will be processed for the purposes stated above and until this consent is withdrawn, and access to the data will be granted only to selected persons who are duly authorised to process it.
  5. Any person providing personal data shall have the right of access to and rectification, erasure, restriction of processing, the right to object to the processing and to the transfer of data, the right to restriction of processing and the right to object to the processing, the right to data transfer.
  6. Every person whose data is processed has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
  7. Personal data may be made available to other entities from the group that SNP Poland Sp. z o.o. is part of – also located outside the European Economic Area, for marketing purposes. SNP Poland ensures that the data provided to these entities is properly secured, and the person whose data is processed has the right to obtain a copy of the data provided and information on the location of the data provision.

Please write an email or call

E-mail office.pl@snpgroup.com
Phone +48 61 827 7000

SNP Poland Sp. z o.o.

Headquarter:
Złotniki, ul. Krzemowa 1
62-002 Suchy Las near Poznań, Poland

Contact us

How can we help?
Write us
Send email
Call us





  1. Personal data is processed pursuant to Article 6 (1) (a) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 – the General Data Protection Regulation
  2. The data controller is SNP Poland Sp. z o.o. with its registered office in Złotniki, ul. Krzemowa 1 62-002 Suchy Las. Contact data of the Data Protection Supervisor: dpo.pl@snpgroup.com.
  3. Consent to data processing is voluntary, but necessary for contact. Consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
  4. The data will be processed for the purposes stated above and until this consent is withdrawn, and access to the data will be granted only to selected persons who are duly authorised to process it.
  5. Any person providing personal data shall have the right of access to and rectification, erasure, restriction of processing, the right to object to the processing and to the transfer of data, the right to restriction of processing and the right to object to the processing, the right to data transfer.
  6. Every person whose data is processed has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
  7. Personal data may be made available to other entities from the group that SNP Poland Sp. z o.o. is part of – also located outside the European Economic Area, for marketing purposes. SNP Poland ensures that the data provided to these entities is properly secured, and the person whose data is processed has the right to obtain a copy of the data provided and information on the location of the data provision.

General contact for the company
office.pl@snpgroup.com

Question about products and services
info.pl@snpgroup.com

Question about work and internships
kariera@snpgroup.com

+48 61 827 70 00

The office is open
Monday to Friday
from 8am to 5pm