
Brand24
GDPR Compliance Rating calculation is based on the information provided by the software vendors internally in WeControl Dashboard.
Here are the details of the calculation method:
a. Three and a half stars can be granted for all positive answers on the general questions tab.
b. Half of a star is added if a software vendor has completed at least 90% of the GDPR Task List.
c. Half of a star is added if a software vendor has audited all 3rd party vendors used in the Due Diligence section.
d. Half of a star is added if you have uploaded your standard Data Processing Agreement / Addendum to the rated technology.
e. One star is taken away if any answer on the GDPR Compliance State tab is either 'no' or 'unknown' (exception is ISO27001 question).
f. One star is taken away if any field on the Subject Access Rights tab (in the Data Subjects section) is blank.
Is Brand24 GDPR Compliant?
More information on Data Processor selection due diligence
Is your company incorporated in the EU?
Unknown
The EU Directive 95/46/EC states that personal data can only be transferred to countries outside the EU and the EEA when an adequate level of protection is guaranteed. However, several exceptions (or 'derogations') to this rule could be applicable.
Has a company conducted an information audit to map data flows?
Unknown
Records management sets out your organisation’s compliance with GDPR Article 30 which states that a controller or the controller's representative shall maintain a record of processing activities (ROPA) under its responsibility.
We strongly recommend that you use our Records management tool to keep your ROPA under control.
Does a company take appropriate measures to ensure the security of processing?
Unknown
Article 32
1. pseudonymisation and encryption of personal data
2. ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
3. ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing
Does a company provide data protection awareness training for all staff?
Unknown
Your organization is committed to ensuring that all staff have access to data protection training which enables them to be suitably knowledgeable and skilled to carry out their role within your organization according to GDPR requirements.
We strongly recommend that you use our Data Protection Training tool to train your employees and track their progress.
Does a company process data on the documented instructions of a controller? Is there a written contract that includes all necessary obligations?
Unknown
Has a company appointed a representative within the EU in writing?
Unknown
According to Article 27 you should appoint a representative within the EU in writing if your company:
a. Offers goods or services, irrespective of whether a payment of the data subject is required, to data subjects in the Union; or
b. Monitors the behavior of data subjects as far as their behavior takes place within the Union.
If you want to appoint such a representative click here.
Has a company built effective processes to identify and report any personal data breaches to a controller?
Unknown
Right of access: has a company established a process of responding to a controller's request for information?
Unknown
a. Article 15 - right of access by data subjects
b. Contract requirements between Data Controller and Data Processor - the processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
Has a company established processes to ensure that the personal data it holds remains accurate and up to date?
Unknown
a. Article 16 - right to rectification
b. Contract requirements - the processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
Does a process of personal data erasure correspond to all necessary obligations?
Unknown
a. Article 17 - right to erasure
b. Contract requirements - the processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
Does a company have procedures to respond to a data controller's request to suppress processing of specific personal data?
Unknown
a. Article 18 - Right to restriction of processing
b. Contract requirements - the processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
Can a company respond to a request from the controller to supply the personal data it processes in an electronic format?
Unknown
a. Article 20 - Right to data portability
b. Contract requirements - the processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
Does a company seek prior written authorisation from a controller before engaging the services of a sub-processor?
Unknown
Does a company delete or return all personal data to the controller at the end of a contract?
Unknown
About Brand24
Brand24 is a simple, yet reliable social media monitoring solution. Thousands of companies of all sizes use Brand24 to identify and analyze online conversations about their brands, products, and competitors. Brand24 empowers its users to stay updated on what's being said about their businesses online, get customer insights, engage communities, identify sales leads, improve social customer service, reach out to influencers and monitor their competition.
Your company cannot be considered GDPR compliant if you did not sign Data Processing Agreements with all your Data Processors.
a. Article 28
b. ICO - contracts requirements
c. According to the GDPR, you need to sign Data Processing Agreements (DPAs) with all your Data Processors. If you don’t do so, your company cannot be considered GDPR compliant. With WeControl you can get and sign all DPAs in just a few clicks.
About Brand24
- Website: http://brand24.com
- Vendor: Brand24
- HQ Location: Gainesville, FL
- Privacy Policy