Shift 2 GDPR (S2GDPR)

GDPR management process is expensive and demands a complex information registration for auditing effects which should be storage for several years.

Most existing systems in the organizations don’t support all the requirements and many end up using Excel, that despite being easy to implement is hard to manage and don’t offer the needed security level for auditing effects.

Many organizations already use flexible platforms, like Office 365, but they are underutilized for the support of this process.

SHIFT developed a solution in Office 365 to ease the implementation and the efficient management of this process in the organizations – S2GDPR.

Main challenges addressed by S2GDPR:

  • Identify the non-conformities through Privacy Impact Assessment (PIA), correct them and revaluate based on recurring PIAs;
  • Ensure an agile relationship with the data subjects, including interaction, response to requests and self-service areas;
  • Ensure that all data subjects requests are registered, answered and the action result is duly registered;
  • Manage several requests from data subject and provide proof of execution;
  • Ensure auditability of all GDPR support information in case of auditing or complaint;
  • Respond to mandatory GDPR requisites concerning data breach and incidents management;
  • Visibility of the status of whole process, like number of authorization, number of responses among others.

How S2gdpr helps you to overcome these challenges?

  • Conduct assessments surveys on the GDPR control points, register privacy impact assessment (PIA) its result and assign correctios to the non-conformities;
  • Making available self-service forms to external (internet) and internal (intranet) data subjects;
  • Registering all replies in a list and triggering workflows by request types (e.g. reply o data subject requests, register new activities);
  • Register all kinds of requests and allow follow up of the requests;
  • Manage Duty to Inform automatically;
  • Register all kind of usage of data for which authorization is required and monitor response rate;
  • Keep evidence of Duty to Inform and Consents;
  • Send authorization requests campaigns via email with links to the forms;
  • Guarantee the transparency of the process in the third-party response level, dashboards with number of responses, % of consents, extraction of consents for communication actions effects, among other indicators.

ProcessES supported by S2GDPR:

  • Manage Duty to Inform;
  • Manage Consent;
  • Manage data owners requests;
  • Support Privacy Maturity Assessment;
  • Manage Incidents and Data Breaches;


In Assessment phase:

  • Run internal PIA (privacy impact assessment) based on pre-defined best practice referential;
  • Compare evolution of PIA results;
  • Define action plans.


In Planning phase:

  • Manage a centralized repository with personal data, optionally integrated with original data sources;
  • Manage duty to inform by groups of contact;
  • Define the activities that require the consents by groups of contact;
  • Define the data breach internal process.



In Execution/implementation phase:

  • Manage actions to address PIA results;
  • Compare evolution of PIA results;
  • Allow internal and external stakeholders to provide or review consents on their information (self service);
  • Understand evolution of consents with analysis per contact, time to reply on requests and % of requests per activities.

Benefits of S2GDPR:

  • Fast implementation (usually 2-3 days per process);
  • Full usage of Microsoft tools with no need for additional technology;
  • Processes aligned with privacy best practices (BS10012, ISO 29134, ISO 20000);
  • Low cost of GDPR management through usage of portals and a self-service relationship with data subjects;
  • Prompt and informed decisions through the view of the whole process and execution rate.

Ways to implement S2gdpr:

  • A standalone solution: in your Office 365. We provide online support to adjust the solution to your needs and an online training (this would typically take 2-3 days);

  • As part of a consulting project: where SHIFT or one of its partners will assist you to conduct the assessments, identify the gaps and consolidate existing information while deploying the tool in your Office 365. Solution training and customization will be done on site.

contacT US