Identification of processing activities, invitations to users and simplified management of controllers
- Simplify the management of data controllers: now you can specify where the list of data controllers is located, without having to list them one by one, as required by the guidelines of the guarantor on simplification of the register as a data controller.
- Track the activities on authorized persons: from today the activities section integrates showing also all the operations carried out by users on authorized persons.
- Identify the processing activities: from now on, each processing activity is identified by a unique code so that you can recognize it more easily even when exporting the register.
- Invite users again: to help you manage your users you can now invite again all those who have not yet created their account.
Joint controllers' folders, Copy of LIA and Assessment
- Organize the joint controllers in folders: group joint controllers in folders, link them to their respective processing activities and use them in any register. From now on, it will no longer be necessary to update all the processing activities they are linked to from time to time.
- Copy of the LIA: after having introduced the LIA, we have thought of helping you to reduce the time when you have to make a new assessment of the legitimate interest in relation to a purpose similar to an existing one. You can copy a LIA, even from another processing activity, to apply it to a new one.
- Copy of the assessment: since the responses to different self-assessment tests may be similar or identical, you can copy the assessments from and to different organizations. Save time and determine the maturity of your privacy program.
- Joint controllers' processing activities: we have added a new section to the joint controllers' card that lists all of the related processing activities. You will have the possibility, as in other cases, to see in which processing activities the individual joint controllers are involved, simply by entering their card.
Assessment and LIA, the legitimate interest assessment
- Perform the assessment and discover the maturity level of the privacy program: thanks to the evaluation, you can carry out a complete analysis for each business area. You can use the indicators we have prepared for you or add new ones. View your scores in graphical format and have a list of all assessments made over time.
- Evaluate the legitimate interest and use it as a legal basis: we have prepared a list of questions that will help you understand whether to use the legitimate interest in your processing activities. A simple, intuitive and quick test, based on the instructions of the English Supervisory Authority. Effective whenever you want to use the legitimate interest as a legal basis in a processing activity.
Others controllers, operations on personal data and safeguards for the transfer outside the EU
- Data operations: now it is even easier to specific data operations for a processing activity. Save time by selecting them all with one click without choosing them one by one.
- Transfer outside the EU: with this new feature you can add more safeguards for the same transfer, choose from those present and make the transfer of personal data outside the European Union licit.
- Track other data controllers: now also keep track of all recipients who assume the role of data controller for a new processing activity as a result of the data transfer. Increase the information in your register by adding new details.
Templates customization and multiple documents download
- Templates customization: customize all available document templates, from the organization's report, to the processing activities register up to the data breaches register. You can change fonts, the layout of your documents, the colors and much more. You can also use placeholders to dynamically insert data into any document you want to export.
- Multiple document downloads: now you can export the documents you need with a single click, even more than one at a time. Just select them and click the download button. Simple, isn't it?
- Link between organizations: now you can add a data processor, data controller or joint controller from the list of organizations listed in your account. Save time and keep your data up to date.
Security measures, export of processing activities and new data available for the controller
- Export individual processing activity: with this new feature you can export even a single processing activity. Just select it from the list and click the download button!
- Unified retention period: thanks to this practical feature you can apply the same retention period to different categories of data within the same processing activity, making your daily work faster and easier.
- New attachments section for the organization: in the new section attachments you can archive any type of document so you always have all the documentation related to the protection of personal data of the company available to you.
- Predefined security measures: with this feature you can set the default security measures for the entire organization and automatically assign them to all operations even to existing ones.
- DPO details and controller's attachments: when you manage processing activities as a processor, you can provide the DPO's contact details, note down the time and address of notification of data breaches and attach any type of document.
- New payment method: Sepa Direct Debit (SDD): you can also use the Sepa Direct Debit, which is added to the credit card payment. Choose the method you prefer according to your needs.
Processing activities folders, copy of procedures and automatic linking of assets
- Quick addition of processing activities on authorized persons: managing the processing activities of an authorized person is now very simple: you can automatically link him/her to the processing activities that involve him/her directly from the organization chart and without switching views.
- Extended management of sub-processors: now you can manage the profiles of the additional data processors also within the processing activities carried out as data processors.
- New processing activities management: with intuitive folder management, now you can group processing activities. With this new feature, you can create your own personal folders and organize your processing activities according to your needs.
- Copy the procedures of an organization: you can easily copy procedures from one organization to another. With this feature you save time and focus only on what's important.
- Automatic link between assets and processing activities: automatically assign assets to all processing activities of the controller and processor. With a simple click, you can link the asset without having to individually specify it in each processing activity.
Internal procedures, processing activity templates security measures and multiple legal bases
- Link procedures to the entire organization: connect an internal procedure to all elements of the organization chart with a single click. Thanks to the "All (even future)" function, you no longer have to worry about adding new elements to the organization chart. UTOPIA automatically adds them to the procedure without you having to do anything.
- Add multiple legal bases to a specific purpose: now a single purpose can be linked to different legal bases. The controller has even more freedom of choice.
- Security measures in processing activity templates: more information can be collected in a processing activity template. Now you can also add security measures so that you do not have to repeat them every time for each processing activity.
- Connect the processing activities to all the elements of the organization chart: link all the elements of the organization chart to a specific processing activity with a single click. Useful when the processing activities involve the entire organization.
Copy of DPIAs, organization management with folders and easier deletion
- Copy impact assessments from one record to another: copy one or more impact assessments from one record to another. Save time and focus only on what's important.
- Group organizations into folders: simplify the management of organizations by grouping them into folders. You can customize the names of the folders and move one or more organizations into them, perfect for corporate groups or organizations that have common characteristics.
- Simplified organization deletion: we have simplified the deletion of an organization, if there are records or other related information UTOPIA will delete the rest.
- Automatic addition of DPO on processing operations: as of today the link between DPO and processing operations is immediate, if the DPO is present within an organization, it will be automatically added to each processing operation, both for those carried out as the data controller and for those carried out as the data processor.
Copy of multiple processing operations and assets, controller organized into folders and new permissions for the basic user
- Copy processing operations from one record to another: copy one or more processing operations from one record to another. Save time and focus only on what's important.
- Letters of authorization by job title: export the authorization document to process personal data also by job title. Give it to the person, have it sign and archive it.
- Organize the controllers into folders: as the data processor, group the controllers into folders and link them to the processing operations instead of selecting them one by one. So you don't have to remember to update them from time to time with all the processing they are linked to.
- New permissions for the basic user: establish which sections of the organization the basic user can modify. For example you can enable the modification of the Procedures but not of the Assets, of the Processors but not of the Organization chart.
- Copy assets from one organization to another: copy assets from one organization to another. Save time and focus only on what's important.
Organization report, text search for users and export procedures
- Organization report: for each organization you can export a report, in Microsoft Word format (.docx), which collects and displays all the information about it.
- Optional assets: to make the creation of a data processing operation easier and faster, it is no longer necessary to add any assets.
- Text search for users: to more easily find the users to whom you have given access to your domain you can search them by name, surname or email address.
- Export procedures: when you export a register of data processing operations, for each processing operation contained within it, from now on you will also find all the related procedures.
- Extended legal bases: you can specify in more detail the legal bases for the processing of particular categories of data by also selecting the derogations from art. 9 GDPR.
Privacy Chart, guided tour and custom login page
- Privacy Chart (BETA): now you can view the data entered in UTOPIA through an elegant full-screen chart. To use this feature, go to the General section of an organization and click on the new icon next to the completion percentage.
- Guided tour: we have introduced a tour that shows at first access the features and tools that UTOPIA offers you. You can always review it by going to Settings > Account > Show guided tour.
Personalized access page: from today you can upload your company logo and show it at login to all the users of your domain. Go to the Settings > Account menu and upload your logo.
- Organization chart with procedures: for each element of the organization chart you will also see all the linked procedures. To view them, go to the menu Organizations > Organization Chart and choose one from the list.
- User grouping: to optimize your work we have reorganized the Users section distinguishing the domain users from basic users and administrators.
- Details on all legal bases: we have further improved the choice of legal bases on processing activities. Now you can specify details of each one through a free text field.
Enhanced procedures, operations on personal data and update reminder
- Alphabetical list of users: we have reorganized the list to facilitate your work and speed up the search for collaborators and domain users.
- More detailed legal basis: when you select the legal obligation you can also specify the law reference thanks to a new dedicated field.
- Update reminder: we are constantly improving UTOPIA to give you a software that meets your needs. From today before releasing a new update you will be notified so you can better organize your work.
- New field in procedures: we have added the new field type to help you better organize the procedures. You can choose it a from predefined list or by creating new one according to your needs.
- Link the procedures to the organization chart: to increase the level of accountability of your organization you can now specify which elements of the organization chart are involved in certain procedures.
- Specify the operations performed on the data: we have added the possibility to specify all the operations performed on personal data by each element of an organization involved in a processing.
- Email alert for approvals: to speed up the approvals, an automatic email will alert users of all changes suggested by collaborators.
Enhanced processing management, data import and more detailed assets
- Improved the processor's card: open the processor card and directly access the list of its assets.
- New fields in assets: in the asset card we have added other useful fields to identify it: brand, model and year of purchase. You can also find these data when exporting the asset in CSV (.csv) format.
- Improved the contextual addition of elements: you can contextually add external figures such as joint controllers, processors ,representatives, DPOs as well as assets directly from the processing activity card.
- Import data from external sources: import data from Excel (.xlsx) document, a CSV file or other system. Send us a Feedback or email us at email@example.com and we will give you all the information you need.
- Usability improvements and bug fixes: we fixed some small bugs and improved the performance of the entire system.
- Domain recovery: in addition to the password you can also recover your UTOPIA access address. For example, if you do not remember it, just click "Recover Domain" on the login screen.
- Asset of the sub-data processor: greater control over the company's tools and their location thanks to the possibility of recording and managing the assets used by the sub-data processors of a processing activity.
- Address book for quick entry: also for the data processors and for the authorized ones we have added the address book function which saves precious time when entering data.
- Approval Badge: To enhance the collaborator's user activity, a badge has been added on the processing activities that highlights and reminds him of which are still awaiting approval.
- Visualization of processing activities: for each asset or for each element of the organization chart you have the possibility to view all the connected processing activities.
- Management of security measures: the management of security measures is faster, after having inserted them on a processing activity you can set them automatically for the future processing activities.
- Quick access to the app: the new "Login" button on the UTOPIA homepage allows you to open the application directly from the site.
- Unlimited Notes Fields lengths: You can write more detailed comments and descriptions in all UTOPIA known fields. They no longer have any limits on the number of characters to be entered.
- Modifying locations: to give more freedom to manage locations, you can now add or delete them on an already created registry.
Profile image, organization chart and company procedures
- Download documents: now download information and letters for authorized persons is immediate, just click on the '' download '' button directly from the list, without further steps.
- Profile picture: from today through the settings you can customize your account by adding, for example, your profile picture.
- Business procedures: in the organizations we have added a new section. Allows the upload of internal procedures adopted such as policies, guidelines and specifications.
- Graphic organization chart: from today you can download and graphically display the organizational structure of the company with a click.
- Data transfer guarantees: to facilitate the management of non-EU transfers, we have moved the guarantees section within the processing activity. For each third country or international organization you can indicate the expected guarantee.
Company logos, risk reduction and simplified record of processing
- User management: we have extended the range of actions of the collaborator user. From today you can browse in reading mode in all UTOPIA sections and thus benefit from a complete view on each activity.
- Simplification of the register: the processing activity registry as data processor has been simplified based on the latest indications of the Guarantor and eliminating mandatory fields not required by the regulation.
- Management of the sub-data processor: we have detailed the management of the sub-data processors, adding the possibility to indicate to which data processor of the processing activity are subordinated.
- Text search: the search function in each area of the application has been optimized. Now by clicking on the search button you can immediately type in the desired word without wasting time in further clicks.
- New sections for system administrators: Within the organizations page we have added a new section for system administrators. Here are indicated all the subjects, divided between authorized and data processors, who cover this role.
- Risk reduction: we have added, in the impact section, a new criterion for the application of security measures. From today, next to the reduction of the value of risk, you will find a new method of managing measures based on the reduction of probabilities.
- Opinion of the DPO: always in the impact section we have added an important text field where the DPO can insert its opinions and comments on the DPIA as required by the Art. 35.
- Data retention: we have also added the possibility to indicate if no retention of personal data is carried out.
- Enrichment Dashboard: two additional cards have been inserted relating to the data breaches that allow to have details about the data breach that have been notified or to the guarantor or to the data subjects.
Usability, security measures, user activity list and exercise of rights of data subjects
- Security measures: for each processing activity it is possible, as required by Article 32 of the GDPR, to indicate the technical and organizational security measures applied to ensure a level of safety relevant to the risk.
- Heading: starting from today, the insertion of personal data, such as data processors or DPOs, can be performed by looking for data from a global address book. In this way you save precious time.
- User activity list: we have added a new section in the left menu. It keeps track of all user activities, distinguishing between insertions, changes or deletions. For a more immediate search you can filter by user or organization.
- Quick access to the organization section: from today you can directly access the assets or organization while compiling the processing activity without changing the screen or making many clicks.
- New print models: we have greatly improved print templates for authorized persons, data processors and system administrators. We have also improved the models of processing activities registries.
- Organization data: access to organization information has been further facilitated and now the navigation menu is completely visible without having to move left or right with the darts.
- Explanation of impact levels: within the evaluation of processing activities we have inserted an explanatory note that helps to interpret the different levels of impact: low, medium, high, very high. Fundamental to use the assisted evaluation mode for the calculation of risk.
- Approvals page: starting today, verifying changes to processing activities is easier. We have inserted the possibility to filter them by register.
- Bug fixes and performance improvements: we fixed some bugs and improved the overall level of performance.
Calculation of risk on processing operation, printing templates, asset management and authorized persons
- Risk calculation: for each processing activity you can obtain, with a simplified and guided method, the general risk level. If it is high, UTOPIA invites you to draft the DPIA, automatically creating the register in which to proceed to the impact evaluation.
- Improvement of registers: from today the collection of data related to impact evaluations, privacy policies and data breaches is more orderly and intelligent. During their insertion UTOPIA indicates the exact destination specifying the existence of a register available for that data, and in case of absence, invites to create a dedicated one.
- Insertion of authorized to processing activities: now adding authorized persons on a processing activity is faster. In addition to single insertion, you can organize mass insertions starting from specific company areas, based on the structure of your organization chart.
- Attachments in the data breaches: starting from today the compilation of a data breach is enhanced with the possibility of attaching documents of any kind.
- Access to documentation: to deepen UTOPIA's functionalities you can access our support material directly from the left menu of the application. For each organization you can motivate, in the DPO Tab, the choice not to designate a data protection processor.
- Asset Grouping: from today you can group and organize assets by type or by owner.
- Improved layout and correction of malfunctions: we have improved the layout of some pages and corrected some malfunctions.
Co-ownership of the processing, sub-data processors and DPO data
- Sub-data processors: we have introduced the possibility to manage also the sub-data processors of a processing activity as indicated by the regulation
- Joint ownership agreement: you can add a joint ownership agreement to the joint controllers tab so that you can always get it by logging in.
- New export setting: we have added the possibility to choose the separator character used to export documents in CSV format. In this way, opening with Excel is easier.
- Improved layout and correction of malfunctions: we have improved the layout of some pages and corrected some minor malfunctions.
Choice of legal basis, collaborators authorization and documentation
- New fields: we have added new fields to the processing activities that allow an even more detailed identification.
- Conservation: we have added the possibility to indicate for each category of personal data, the retention period or, alternatively, the criteria that must be used to determine it. This change includes a fundamental requirement of the new regulation that requires to specify, for each processing activity and, for each category of data contained in it, the terms of conservation.
- Export of processing authorization document: also the print layout of the designation document has improved in content and a new template has been added completely dedicated to system administrators
- Export of authorization document to the processing activities: also the printing layout of the nomination document has improved in the content and a new model completely dedicated to the system administrators has been added.
- Function data processor as authorized: the function data processor can be added automatically to the processing activity without having to manually censor his data. To do this, simply indicate your tax code.
- Collaborators authorizations: a new way of sharing processing activities is available to users of the type collaborator. You can choose between 3 sharing modes: by organization, by register and by processing activity. None excludes the other and all together guarantee maximum flexibility and control over access management.
- Improved layout and correction of malfunctions: we have improved the layout of some pages of the app and corrected some minor malfunctions.
Processing operations, export of records and assets
- New dashboard: The new dashboard shows a complete overview of the status of the activities of all existing organizations and allows you to search and sort them according to different criteria and advanced modes.
- Improved export of registers: the export of a register can be done either from the list of registers of each organization or from the detail page of each individual register.
- New Process Field in Processing Activities: We have added the Process in Processing Activity field to allow you to detail how certain processing activities are performed.
- Asset repository: from now on it is possible to survey an asset without the need to refer it to a processing activity, but with the sole purpose of recording it in UTOPIA and using it in case of need. This type of asset will not be evaluated in the calculation of the % of completion of the data of an organization.
- Various improvements: malfunction correction and performance optimization.
Dashboard and UTOPIA Privacy Score
- New corporate asset filter: you can filter the assets of an organization so that you can focus on those that interest you.
- New app navigation mode: You can navigate the contents of the app using the forward and backward arrows in your browser. With a single click you can access the app screens (or specific sections of the app) and side tabs. Navigation becomes easier and smoother.
- Dashboard (BETA): The new dashboard shows the completion status of the different tasks you can do with UTOPIA. It gives you an overview of the status of your organizations and allows you to focus on the interventions that you think are necessary.
- UTOPIA Privacy Score (BETA): The privacy score indicates the quality of the privacy system and the risk to which the organization is exposed. It is the result of an algorithm that takes into account the following factors: completeness of information relating to the personal data of the organization, records of processing and, where there are privacy policies, impact assessments and data breaches.
- Various improvements: correction of some malfunctions and optimization of performance.
Percentage of completion of data, assets and rights of the data subject
- System of completion of activities: we have introduced a system of calculation of the percentage of completion of activities so as to understand, for example for a processing operation, how much work you still have to do.
- Disable the UTOPIA logo in the word documents: by accessing the new section Settings > Prints you can remove the UTOPIA logo from all documents produced by the app.
- External assets of data processors: from now on, it is possible to map assets that reside with data processors of a processing activity (e.g., from a service provider).
- Grouping of assets: to facilitate consultation of the assets, we have grouped them into: internal assets of the organisation, external assets from the data controllers (for the data processors) and external assets from the data processors (for the data controllers).
- Print improvement: we have improved the layout of some prints by removing from these optional and unfilled data, increasing clarity and legibility.
- We have also corrected minor malfunctions and improved the performance of the entire system.
Processing operations, register templates and impact assessment
- Processing Activity Register Model: For similar organizations, you can create a register from a model you set. From it you can create more for the organizations you want, saving valuable hours of work;
- Duplication of processing activities: you can duplicate an entire processing activity without having to manually copy all the data. From one register to another and also between registers of different organisations;
- Automatic DPO addition: when an organization has only one DPO it is automatically added to the processing activities, without doing it manually each time;
- Improved printing of registers: data that you do not fill in and that are not mandatory will not be included in the register. This makes it more compact and improves readability;
- Classification of economic activities: Processing activities register models and organisations have in common the type of economic activity that is used to apply a certain model to a given organisation. We have adopted the NACE Rev. 2 classification (L2). We suggest that you classify organisations correctly in order to use the register models;
- DPIA summary result: a new field has been added to specify the outcome of an impact assessment;
- Improved form content organization: We have improved the layout of the fields within the forms to facilitate consultation and improve overall usability;
- Improved domain deletion: exercise your right to be forgotten by destroying all your data even from our backups. To do so, go to Settings > Domain Destroy;
- New Asset type: Virtual Server
- We have also corrected minor malfunctions and improved the performance of the entire system;
Built-in catalogues, retention limits and data processor processing operations
- We have significantly improved the performance of the entire platform. From now on, the use of interfaces is more fluid and responsive;
- We've changed our management of processing activities retention limits. From now on you can indicate the limit alternatively by expressing it in terms of time or indicating the criterion of conservation;
- We have finally added new preconfigured catalogs to speed up data entry. Specifically: organizational chart elements, purposes, types of personal data, categories of data subjects, categories of personal data, categories of recipients, international organizations, risks, sources of risk, impacts, threats and security measures;
- From now on you can also save organizations with partial data if you don't have them immediately available;
- We have added a new type of asset: cloud software;
- In the view of the data processor you can view the processing activities related to him without having to search each time within the individual processing activities;
- We have removed some required fields from the referrals, DPOs, etc,
- so that you can add them even if you don't have all the necessary data immediately;
- From today you can add organizations not subject to VAT number;
- We have also corrected several minor malfunctions;
Management of authorized persons and creation of privacy policies
- You can finally manage the authorized of processing activities (former processors) by creating them one at a time or importing them through CSV files (comma separated values);
- You can also create your processing authorization documents in Word format (.docx);
- We've made a minor change to the records. From today you can also register international organizations.
- We have improved the process of creating and generating privacy policies by adding references to GDPR articles regarding whether or not consent is mandatory.
- We have also improved the overall performance of the system, introduced minor changes that improve its usability and fixed some malfunctions;
Data breach analysis, review of impact assessments and approval data
- You can conduct the analysis of a data breach and produce the documentation in Word (.docx), PDF or Excel (csv) format;
- You can review a DPIA by automatically calculating the next review date based on the set periodicity;
- We have added, in the register of processing operations, the data controller column in the case where the register is made as data processor;
- In the approvals, in each processing operation, the register to which they apply shall also be indicated so as to distinguish two apparently identical processing operations;
- We have enriched the asset catalogue and added two new ones: UPS and Telephone exchange;
- We have improved the overall performance of the system and introduced minor modifications that improve its usability;
Documents export and new information on data processor activities
- You can export an Impact Evaluation to Word (.docx) and PDF format. Simply go to the Impact menu, select the one you are interested in and click the Export button.
- You can finally produce information and consent in a few clicks thanks to the update system that remembers and takes into account, always, all the changes you make to the processing activities;
- For each Data Processor you can indicate for which activity he has been designated through a dedicated field;
- General platform improvements and bug fixes;
Improved organization and management of assets
- For each organization, from now on, you can specify if it also acts as a data processor or just as a data controller. In the first case, enter the data controllers in the new section Data Controllers and then you will be able to refer them inside processing activities.
- All companies that also act as data processors can also census external assets. External assets are physically located by the data controller or associated with it but managed by the data processor.
- Abbiamo migliorato l'esperienza d'uso e corretto alcuni malfunzionamenti.
Asset management and usability improvements
- You can easily create groups of assets of the same type
- We have also updated the list of Italian municipalities with the most recent changes
- We have improved the user experience when you upload a document
Improved management of the record of processing
- You can also export the processing activities registries in Word format (.docx)
- You can customize the layout
- You can turn it into a PDF file
DPO, designation of the data controller and compatibility with Internet Explorer
- You can indicate if the DPO is internal or external and also attach the service contract (in any format)
- You can manage the designations to the data controllers by indicating the data, any expiry date and attach the document (in any format)
- You can indicate where an asset is located and to which office it belongs
- UTOPIA becomes compatible with Internet Explorer 11
Collaborators management, right to be forgotten and improvement of approvals.
- You can centrally manage all collaborators directly from the Settings menu
- You can check the value of a processing field before modifying it: go to the Approvals menu, click on a processing and move the mouse over the modified field.
- You can exercise your right to be forgotten and request the destruction of all your data, even from our backups (only if you are the owner of the domain). Go to the Settings menu and click the icon at the top right of the toolbar.
- You can census organizations with registered offices in San Marino
- You can add to the assets of an organization the new type: Network equipment
- All changes to the processing operations are tracked. If you forget to save them, UTOPIA will inform you!