New filters, asset import and related security measures
- New icon for digital authorisations
You now have a new icon to see which authorised persons have viewed the authorisation document. This way you don't have to go into the tabs one by one and you save precious time.
- Security measures on assets
We have added security measures linked to assets. Now, when you link an asset to a processing, the security measures applied to the asset are also automatically reported so you don't have to worry about manually adding them to the processing.
- Importing assets from CSV files
The inventory of organisation assets is now even easier. You can import them automatically using a template you can use whenever you want.
- New filter on authorised persons
We have added a new filter on authorised persons to help you understand which ones do not yet have processing connected, which is very useful when entering data.
- New processing filter
We have added a new filter within the register as a processor that shows you the operations grouped by the controller the organisation is processing for.
- New filter on processors
We have added a new filter to the list of processors to help you understand which ones have not yet been linked to processing operations or uploaded a contract.
Folder management is now present on both procedures and privacy policies. The folders help you to better organise your work according to your needs.
- Processor attachments
We have added a new section in the processor tab. Now you can upload other documents in addition to the contract and have them always available.
Customization of the register, CSV exports and authorization management
- Archive and restore authorized people
Starting today, when an authorized person is no longer part of your organization, you have the option to archive it, so you keep the information you may need without deleting it.
- New processings available on MIA
Our virtual register creation assistant continues to learn from your suggestions, we've added new processings based on organizations' activity types and industries.
- Removed mandatory fields on data subject requests
Thanks to numerous suggestions, we've removed some mandatory fields in data subject requests and added a unique request code.
Customization of the register, CSV exports and authorization management
- Use the serial number for digital authorizations
From now on you have the possibility to choose whether to use the serial number instead of the tax code for the management of digital processing authorizations.
- Select the authorized as participants in the activities of the DPO
Now, choose directly from the authorized list when you indicate participants in DPO activities, so you save time and focus on what is important.
- Export the authorized persons also in CSV format
You have a new export format for the list of all authorized for processing. Choose the format you prefer among DOCX, PDF, and now also CSV.
- Customize the register description
It could not miss also the possibility to change the name of the processing register, now give space to your imagination to customize your records.
Management of requests of data subjects and downloads of organizations
- Manage requests from data subjects
We have included a new section for the management of requests to exercise the rights of data subjects, in this way you have everything under control in one place and keep track of time and results of responses.
- Download organizations' data in .CSV format
From today you have the possibility to download in .csv format the general data of all organizations, so you have a document always updated with the information you need.
Register templates, training management and import of the authorized persons
- Add an authorized from the address book
We have added the search button also on the authorized, in this way it is easier to insert an authorized in two separate elements of the organization chart and avoid to fill in the information again.
- Import the authorized from CSV file
You can import autonomously the authorized persons by CSV. Open the list of authorized persons, download and compile the csv file, so you save time and focus on what is important.
- Create register templates based on ATECO code
You have the possibility to create a processing register template also according to the ATECO code, in this way you can use it for all organizations that have the same economic activity.
- Copy a processing from a register template
Improvements in processing copy functionality continue, you also copy a single processing within a register starting from a template.
- Automatic DPO training activities
If you include a training activity in your DPO activities, it will automatically appear in the list of courses held by the organization, so you don't have to enter the activity twice.
- Export the training logbook
After adding the section dedicated to training, you have a new document that lists all the training activities carried out and the details of the course such as date, duration, content and participants.
Attachments to DPIA, customized legal bases and register templates
- Attachments to DPIA
We have added the attachments section also in a DPIA to improve document management, from now on you can upload any document within a single impact assessment and download it when you need it.
- ATECO Code no longer mandatory
For all organizations that do not have an economic activity but that process personal data with this update it is no longer mandatory to enter the ATECO code. In this way, it is easier to census the data of an organization you are managing.
- New functions for basic users and collaborators
- Create a template from a register
Given the many requests now you can create a template from an organization's processing register. Simply select the processings and copy them into a template, so you can use it whenever you want.
- Customizations of legal bases
Even the legal bases are now customizable, for each purpose of a processing choose the legal basis from the list or enter the item you prefer. Useful in all those cases where you want to indicate more details in relation to the legal basis used.
DPO data, copy of processing and availability of data
- Data availability
We have modified the data availability field in case of crash. Now you have a free text field where you can indicate the time needed for the data to be available again. Go to the processing card and open the Data Retention tab.
- Copy of processing activities
From today also the collaborator user has the possibility to copy processing from one register to another, in this way you can delegate to other users the compilation of the registers and save time. Entra nelle Impostazioni e apri la scheda Utenti.
- Mandatory data on DPO
For an external DPO we have removed the mandatory name and surname and left only the company name and the VAT number as required, in order to comply with the procedure of the guarantor authority that allows to indicate an external DPO even without name and surname but with company name and VAT number.
Training, authorization by job and subscription expiration notifications
- Authorizations by job
To facilitate the management of processing authorizations by job it is possible to link both processing and processing instructions directly to the element of the organization chart. In this way you save time and focus on what is important.
- Subscription expiration reminder
We have added an automatic email system that alerts you 7 and 14 days before a subscription expires, so you don't have to worry and you always know how long before it is renewed.
- Training management
It could not miss also a section dedicated to training courses on privacy. You can also add all the training activities carried out indicating also the participants.
Sorting of processing, DPO report in PDF and automatic asset code
- Automatic asset code
In order to facilitate asset management, an automatic unique code is now generated at the time of creation. You can then decide whether to customize it or use the one proposed.
- Sorting the processing
Now it is easier to manage the register and fill in the processing. From now on you can also order them according to the percentage of completion by focusing on those processing that are not yet complete to reach 100% and increase the privacy score.
- DPO activity report in PDF
Now you can also export the DPO activity report in PDF format. Track all the activities carried out by the DPO, indicate the time period and choose the export format you prefer.
- New interactive guided tour
When you create a new domain, you have at your disposal a new guided tour of the application that allows you to know all the features of UTOPIA from the beginning and explains you through examples how to enter the necessary data to get started.
- Customizable emails
New tutorials section and customization of notification sender
- Sender customization of notifications
- New tutorials section
You have more than 50 new free tutorial videos available directly under your account. The videos last a few minutes, are searchable by keyword or topic and are organized in sections. So you find what you’re looking for and learn faster. Become a UTOPIA expert now.
DPO activities, risk matrix and summary of consents via email
- Exporting the risk matrix
We have included the risk matrix within a processing evaluation report. In this way you immediately see the risk value and focus on the measures to be applied. To view it, enter the processing card and export the pre-assessment.
- Summary email to the data subject
- New report for authorized persons
We have created a new report dedicated to the authorized persons, you can export it directly from the organization chart and easily keep under control all the people involved in the processing.
- Email summary of consents
Specify which users will receive notifications of interested parties' preferences. Add their email addresses, so it's easier to monitor the consents, especially in case of revocation.
- Change processing from the organigram
With this new feature you can modify the processing directly from the organigram, in this way it is easier to keep the register updated.
- DPO activity management
You have a new feature for managing the activities of the DPO, keep track of every action taken by the data protection officer.
Processing instructions, processors' report and register change history
- History of register changes
- Improved processing activities list
From now on, you can filter the processing activities of each register according to the organization chart element involved so you can easily focus on the processing activities of your interest.
- Centralized processing instructions
Now, both in the instruction field in the authorized person's card and in the processing activity you can link the procedures defined at the organizational level. This way you no longer have to worry about rewriting the instructions each time.
- Data processors' report
From today with a click, you can export the list of all data processors in order to comply with the principle of accountability even more easily. Discover the new download button in the Organization > Processors section.
- Duties and tasks over the authorized
In line with the provisions of the law, for each person or job within the organization chart, you can also enter any specific tasks and duties related to the processing of personal data.
- More powers to the collaborator
After countless requests we are happy to announce that with the latest update the collaborator user can suggest the creation of new processing activities, these will still be subject to approval by an administrator. Save time and get help from your co-workers.
More powers to the collaborator and automatic revocation of consent
- Automatic consent withdrawal
- Improved collaborator user
From today also the collaborator user can use the procedure for sending information and managing digital consents, moreover, for the only processing on which he has visibility, he can also carry out the evaluation of the legitimate interest.
- Simplified organizational report
We've simplified the organization's reports. As of today, if for example, you haven't filled in some asset information, the fields will automatically be hidden from the report in order to save space.
ATECO codes and updating of the processing register with MIA
- ATECO codes
We have added the ATECO codes within the card of an organization, in this way you can easily recognize the economic activity and, in case they are available, select in a few clicks the suggested processing activities for that sector.
- Updating registers with MIA
MIA, your personal treatment creation assistant, continues to improve and from today, if you have more than one treatment log, choose where to add the suggested ones. Open the assistant and after selecting the processing activities select in which register you want to add them.
- Processing assistant
Mia, your personal processing assistant, keeps getting better. You will immediately see where suggestions are available, depending on the type of activity of an organisation.
- Privacy policies and digital authorizations with customized logo
Also customize the web pages with the organization's logo. The organization's logo is also shown in digitally submitted privacy policies and processing authorizations.
- Feedback attachments
When you send feedback through the application you have the possibility to upload up to 3 attachments so you can add more details to your requests. Getting in touch with us has never been easier.
- User alert emails
Processing activities assistant, data filter saving and menu item suggestions
- Catalogs customization
Now, with the new suggestion function, your custom catalog items will be shown first in the selection menus. Also, if you edit an entry, UTOPIA tells you where it is used, so everything is smoother. Go to the catalogues page from the left menu and start creating your custom items.
- Welcome MIA, your personal assistant.
From now on, choosing processing activities is even easier. Create an organization, select the type of business and MIA will automatically suggest the most used processing activities in a given field. Save time and trust MIA, your new privacy assistant.
- Saving filters on data
We have improved the filter management to help your work. Now when you use a filter and change pages, it is saved, so you don't have to worry about selecting it again.
History of preferences, new catalogues and job suggestions
- Catalogs customization
Now you have new catalogs to enter your custom entries and use them whenever you want. In addition, every time you create a new entry, such as a purpose or category of data subjects, it will automatically be included in the corresponding catalogue. Go to the Catalogues menu and customize the items to use.
- Preferences history
From today you also have a history of the preferences given by the data subject, which is useful if, for example, consent is revoked. We have also improved the view of the data subject's responses so that you can immediately understand the status of your request.
- Job entry simplified
Now it's easier to choose a job for an authorized person. To help you with the task, UTOPIA automatically suggests those already present in the organization chart element.
- More space for the contents of a DPIA
We have increased the character limit in all items of the impact assessment, so when you fill out a DPIA, you don't have to worry about the length of the contents.
- Improved asset export
From now on, when you export the assets or the organizational report you will also find all the related processing activities, so you always have a full overview at hand.
- Business procedures and processing authorizations
We have also included the company procedures as an attachment to the processing authorizations, so you can send both the processing authorization document and the company procedures to the authorized person.
- Improved the processor sheet
The field relating to the VAT number can also be found inside the sheet of a processor if the person in question is a natural person.
- Multiple sending of digital authorizations (BETA)
We have improved the sending of processing authorizations, you can send them to all authorized persons in just one click, saving time and focusing on what is important.
- Modifiable processing register date
You can change the date of creation of the processing register, which is very useful if, for example, you have imported the register from external sources.
Digital authorizations document, PDF exports, asset customization and PA security measures
- Simplified management of authorized persons
Enter the person once and specify which offices they work in without losing concentration. So you save time when you record personnel data.
- Digital authorizations for processings (BETA)
No more paper for authorizations, which from now on will be delivered to the authorized persons in digital format. With the new delivery and view procedure, you no longer have to print out any documents and you can comply with all information requirements in just a few clicks. Simply go to the authorized card and click the new section “Authorizations”.
- Catalogues customization
Also the asset selection menu becomes customizable, so you have full control over the items entering all the types of assets you prefer.
- Exporting documents in PDF
We have added the possibility to export all documents also in PDF format. Every time you download the document select the right format for you between Microsoft Word (.docx), Comma Separated File (.csv) and PDF.
Focus mode, folder sharing and asset enhancements
- Share processing activities by folders
Since today you have a new way of sharing processing activities with the collaborators. You can select the folders created for organizations, records, processing activities and share them with a click.
- Improved the processor section
We have added information about the DPO of the processor to within its card. This way you have access to his contact details in case of need.
- Quickly connect your assets to the processing activities
Managing the assets involved in a processing activity is now easier and faster: choose all the processing activities directly from an asset's card without having to open them one by one.
- New focus mode
We have created a new way of working that allows you to be more efficient and faster. Activate the focus mode and all the data will be filtered according to the selected organization even when you change pages.
Notification of data breaches, specific print templates and copy of pre-assessments
- Copy of the pre-assessment
From now on, copy the data of a pre-assessment from one processing activity to another. Thanks to this feature you save time and only focus on what is important.
- Communication of data breaches
The notification of data breaches is simplified, from now on the data breach document contains all the information required by the guarantor's model. In this way you can communicate it to the supervisory authority without further steps.
- Improved the controllers section
From today you have greater control over the instruments involved in the processing activities, you access the assets of a controllers directly from his card.
- Customization of documents for each organization
The customization of print templates is enriched and becomes organization-specific. For each of them you have all the document templates to make your preferred changes.
- New fields available for the register templates
You now have the "Notes" and "Process" fields within the processing activity templates. This way you won't have to enter them again every time you use this feature.
Duplication of organizations, export of LIA and individual violation
- Export a single data breach
From today with this new feature you can export even a single data breach. Just enter the Breaches section, select one from the list and click the Export button.
- Multiple choice of operations on data
You can now select with one click all the operations on the data carried out by each element of the organization chart, save time and choose the option "all" when necessary.
- Duplicate the data of an organization
Now you have the ability to duplicate all the data of an organization choosing what to copy from offices, assets, managers, processing activities, privacy policies and much more. With this functionality you save time and focus only on what's important.Export legitimate interest assessment.
- Export legitimate interest assessment
Now you can also export, customize and print the procedure for assessing the legitimate interest. Simply go to a processing activity, select the one you are interested in under the LIA section and click on the download button.
- Sort processing activities by risk level
We have introduced a new criterion that allows you to sort processing activities according to the level of risk. Reduce the risk of processing activities and increase your privacy score.
Dates on processing activities, preview of templates and search by VAT number
- Preview custom document templates
Now, in the print settings tab, you can see previews of the document templates you have customized. Use the customisation feature and make your privacy document templates unique.
- Date of creation and modification on the processing activity
We have inserted two new fields in the processing sheet showing the date of creation and last modification. Useful to monitor the management and updating of all your processing activities.
- Improved search for external figures
Now you have the possibility to search by VAT number for all the processors, controllers and joint controllers that you have entered in your domain. In this way you can use the data already entered and reduce the compilation time.
- Copy the data of an impact assessment
Now you can import the data of an impact assessment from one organization to another without worrying about the related processing activities. Take advantage of all the data already entered in a DPIA and link it to the processing that needs it.
Transfer safeguards, risk level and revision code
- Add processing instructions
Now you have a free text field in the processing sheet where you can enter the instructions that will be included in the authorization documents as required by the regulations.
- Reduce the level of risk by applying security measures
Now you can specify, for each processing activity, the value of the reduced risk as a result of the implementation of security measures. Increase an organization's privacy score and get the highest score.
- Track changes to the registry with the revision code
Each register now has a revision code that updates automatically when you change a processing activity. You can also customize it according to your needs so you always know which is the latest version of the processing register.
- Organize your processing activities into folders
Organize the list of processing activities register into customizable folders. Perfect for all registers that have common characteristics.
- Specify safeguards for the transfer of personal data outside the EU
Get help from the wizard for managing safeguards about the transfer of personal data outside the European Union. Choose between adequacy decisions, adequate safeguards or derogations under Article 49 of the GDPR.
- Simplify the management of the controllers
As provided for by the simplification of the guarantor for the protection of personal data now you have the opportunity to specify within a processing activity sheet where the list of owners is located.
Processing instructions, target mode and export of processing
- Export processing activities from an element of the organization chart
Now export your processing activities from a specific organization chart element. Select a company department and choose whether to include processing activities of higher or lower grade elements.
- Discover the meaning of the operations carried out on the data
From today you have new suggestions in the data processing sheet that explain the meaning of each individual operation carried out on personal data.
- Reach 100% on processing activities with the target mode
In each section of the processing activity sheet we have included an indicator to help you understand what data is missing to complete the processing and achieve 100% completion.
- Specify processing instructions for controllers and authorized persons
Now you have a free text field to specify processing instructions. You can find it both in the card of the authorized person and in the card of the controller. In this way, the processing instructions will also appear in the corresponding authorization and designation documents.
Archive data processors, export assessments and processing evaluation.
- Export the assessment procedure and the evaluation of the processing
Now you can also export, customize and print the assessment procedure of an organization and the evaluation of the processing operations.
- Archive a data processor
You can now archive a data processor and the associated sub-processors. With the archiving function you can remove it from the processing operations and keep its history.
- Export a single data protection impact assessment
You will no longer have to download the entire impact assessment register. From now on, you only select and export those that interest you.
- Quickly add new processing activities to the data processor
Managing processing activities of a processor is now very simple: you can easily link them directly from the card of the data processor.
Single mode of exercising rights and multiple selections of authorized persons
- Simplified selection of authorized persons: in the processing activity sheet we have added the possibility to choose "All of the selected elements of the organization chart" with reference to the authorized persons, so that with just one click you can authorize all the persons of the selected elements without having to choose them one by one.
- Unified mode of exercising rights: it is possible to specify a single mode of exercising the rights of the data subject provided for by the processing activity, in this way you will no longer have to enter, for each right, the modalities.
- Data Breach which does not cause damage: the option "no damage caused" has been added when filling in the breach procedure, use it when the data subject has not incurred any consequences.
Identification of processing activities, invitations to users and simplified management of controllers
- Simplify the management of data controllers: now you can specify where the list of data controllers is located, without having to list them one by one, as required by the guidelines of the guarantor on simplification of the register as a data controller.
- Track the activities on authorized persons: from today the activities section integrates showing also all the operations carried out by users on authorized persons.
- Identify the processing activities: from now on, each processing activity is identified by a unique code so that you can recognize it more easily even when exporting the register.
- Invite users again: to help you manage your users you can now invite again all those who have not yet created their account.
Joint controllers' folders, Copy of LIA and Assessment
- Organize the joint controllers in folders: group joint controllers in folders, link them to their respective processing activities and use them in any register. From now on, it will no longer be necessary to update all the processing activities they are linked to from time to time.
- Copy of the LIA: after having introduced the LIA, we have thought of helping you to reduce the time when you have to make a new assessment of the legitimate interest in relation to a purpose similar to an existing one. You can copy a LIA, even from another processing activity, to apply it to a new one.
- Copy of the assessment: since the responses to different self-assessment tests may be similar or identical, you can copy the assessments from and to different organizations. Save time and determine the maturity of your privacy program.
- Joint controllers' processing activities: we have added a new section to the joint controllers' card that lists all of the related processing activities. You will have the possibility, as in other cases, to see in which processing activities the individual joint controllers are involved, simply by entering their card.
Assessment and LIA, the legitimate interest assessment
- Perform the assessment and discover the maturity level of the privacy program: thanks to the evaluation, you can carry out a complete analysis for each business area. You can use the indicators we have prepared for you or add new ones. View your scores in graphical format and have a list of all assessments made over time.
- Evaluate the legitimate interest and use it as a legal basis: we have prepared a list of questions that will help you understand whether to use the legitimate interest in your processing activities. A simple, intuitive and quick test, based on the instructions of the English Supervisory Authority. Effective whenever you want to use the legitimate interest as a legal basis in a processing activity.
Others controllers, operations on personal data and safeguards for the transfer outside the EU
- Data operations: now it is even easier to specific data operations for a processing activity. Save time by selecting them all with one click without choosing them one by one.
- Transfer outside the EU: with this new feature you can add more safeguards for the same transfer, choose from those present and make the transfer of personal data outside the European Union licit.
- Track other data controllers: now also keep track of all recipients who assume the role of data controller for a new processing activity as a result of the data transfer. Increase the information in your register by adding new details.
Templates customization and multiple documents download
- Templates customization: customize all available document templates, from the organization's report, to the processing activities register up to the data breaches register. You can change fonts, the layout of your documents, the colors and much more. You can also use placeholders to dynamically insert data into any document you want to export.
- Multiple document downloads: now you can export the documents you need with a single click, even more than one at a time. Just select them and click the download button. Simple, isn't it?
- Link between organizations: now you can add a data processor, data controller or joint controller from the list of organizations listed in your account. Save time and keep your data up to date.
Security measures, export of processing activities and new data available for the controller
- Export individual processing activity: with this new feature you can export even a single processing activity. Just select it from the list and click the download button!
- Unified retention period: thanks to this practical feature you can apply the same retention period to different categories of data within the same processing activity, making your daily work faster and easier.
- New attachments section for the organization: in the new section attachments you can archive any type of document so you always have all the documentation related to the protection of personal data of the company available to you.
- Predefined security measures: with this feature you can set the default security measures for the entire organization and automatically assign them to all operations even to existing ones.
- DPO details and controller's attachments: when you manage processing activities as a processor, you can provide the DPO's contact details, note down the time and address of notification of data breaches and attach any type of document.
- New payment method: Sepa Direct Debit (SDD): you can also use the Sepa Direct Debit, which is added to the credit card payment. Choose the method you prefer according to your needs.
Processing activities folders, copy of procedures and automatic linking of assets
- Quick addition of processing activities on authorized persons: managing the processing activities of an authorized person is now very simple: you can automatically link him/her to the processing activities that involve him/her directly from the organization chart and without switching views.
- Extended management of sub-processors: now you can manage the profiles of the additional data processors also within the processing activities carried out as data processors.
- New processing activities management: with intuitive folder management, now you can group processing activities. With this new feature, you can create your own personal folders and organize your processing activities according to your needs.
- Copy the procedures of an organization: you can easily copy procedures from one organization to another. With this feature you save time and focus only on what's important.
- Automatic link between assets and processing activities: automatically assign assets to all processing activities of the controller and processor. With a simple click, you can link the asset without having to individually specify it in each processing activity.
Internal procedures, processing activity templates security measures and multiple legal bases
- Link procedures to the entire organization: connect an internal procedure to all elements of the organization chart with a single click. Thanks to the "All (even future)" function, you no longer have to worry about adding new elements to the organization chart. UTOPIA automatically adds them to the procedure without you having to do anything.
- Add multiple legal bases to a specific purpose: now a single purpose can be linked to different legal bases. The controller has even more freedom of choice.
- Security measures in processing activity templates: more information can be collected in a processing activity template. Now you can also add security measures so that you do not have to repeat them every time for each processing activity.
- Connect the processing activities to all the elements of the organization chart: link all the elements of the organization chart to a specific processing activity with a single click. Useful when the processing activities involve the entire organization.
Copy of DPIAs, organization management with folders and easier deletion
- Copy impact assessments from one record to another: copy one or more impact assessments from one record to another. Save time and focus only on what's important.
- Group organizations into folders: simplify the management of organizations by grouping them into folders. You can customize the names of the folders and move one or more organizations into them, perfect for corporate groups or organizations that have common characteristics.
- Simplified organization deletion: we have simplified the deletion of an organization, if there are records or other related information UTOPIA will delete the rest.
- Automatic addition of DPO on processing operations: as of today the link between DPO and processing operations is immediate, if the DPO is present within an organization, it will be automatically added to each processing operation, both for those carried out as the data controller and for those carried out as the data processor.
Copy of multiple processing operations and assets, controller organized into folders and new permissions for the basic user
- Copy processing operations from one record to another: copy one or more processing operations from one record to another. Save time and focus only on what's important.
- Letters of authorization by job title: export the authorization document to process personal data also by job title. Give it to the person, have it sign and archive it.
- Organize the controllers into folders: as the data processor, group the controllers into folders and link them to the processing operations instead of selecting them one by one. So you don't have to remember to update them from time to time with all the processing they are linked to.
- New permissions for the basic user: establish which sections of the organization the basic user can modify. For example you can enable the modification of the Procedures but not of the Assets, of the Processors but not of the Organization chart.
- Copy assets from one organization to another: copy assets from one organization to another. Save time and focus only on what's important.
Organization report, text search for users and export procedures
- Organization report: for each organization you can export a report, in Microsoft Word format (.docx), which collects and displays all the information about it.
- Optional assets: to make the creation of a data processing operation easier and faster, it is no longer necessary to add any assets.
- Text search for users: to more easily find the users to whom you have given access to your domain you can search them by name, surname or email address.
- Export procedures: when you export a register of data processing operations, for each processing operation contained within it, from now on you will also find all the related procedures.
- Extended legal bases: you can specify in more detail the legal bases for the processing of particular categories of data by also selecting the derogations from art. 9 GDPR.
Privacy Chart, guided tour and custom login page
- Privacy Chart (BETA): now you can view the data entered in UTOPIA through an elegant full-screen chart. To use this feature, go to the General section of an organization and click on the new icon next to the completion percentage.
- Guided tour: we have introduced a tour that shows at first access the features and tools that UTOPIA offers you. You can always review it by going to Settings > Account > Show guided tour.
Personalized access page: from today you can upload your company logo and show it at login to all the users of your domain. Go to the Settings > Account menu and upload your logo.
- Organization chart with procedures: for each element of the organization chart you will also see all the linked procedures. To view them, go to the menu Organizations > Organization Chart and choose one from the list.
- User grouping: to optimize your work we have reorganized the Users section distinguishing the domain users from basic users and administrators.
- Details on all legal bases: we have further improved the choice of legal bases on processing activities. Now you can specify details of each one through a free text field.
Enhanced procedures, operations on personal data and update reminder
- Alphabetical list of users: we have reorganized the list to facilitate your work and speed up the search for collaborators and domain users.
- More detailed legal basis: when you select the legal obligation you can also specify the law reference thanks to a new dedicated field.
- Update reminder: we are constantly improving UTOPIA to give you a software that meets your needs. From today before releasing a new update you will be notified so you can better organize your work.
- New field in procedures: we have added the new field type to help you better organize the procedures. You can choose it a from predefined list or by creating new one according to your needs.
- Link the procedures to the organization chart: to increase the level of accountability of your organization you can now specify which elements of the organization chart are involved in certain procedures.
- Specify the operations performed on the data: we have added the possibility to specify all the operations performed on personal data by each element of an organization involved in a processing.
- Email alert for approvals: to speed up the approvals, an automatic email will alert users of all changes suggested by collaborators.
Enhanced processing management, data import and more detailed assets
- Improved the processor's card: open the processor card and directly access the list of its assets.
- New fields in assets: in the asset card we have added other useful fields to identify it: brand, model and year of purchase. You can also find these data when exporting the asset in CSV (.csv) format.
- Improved the contextual addition of elements: you can contextually add external figures such as joint controllers, processors ,representatives, DPOs as well as assets directly from the processing activity card.
- Import data from external sources: import data from Excel (.xlsx) document, a CSV file or other system. Send us a Feedback or email us at firstname.lastname@example.org and we will give you all the information you need.
- Usability improvements and bug fixes: we fixed some small bugs and improved the performance of the entire system.
- Domain recovery: in addition to the password you can also recover your UTOPIA access address. For example, if you do not remember it, just click "Recover Domain" on the login screen.
- Asset of the sub-data processor: greater control over the company's tools and their location thanks to the possibility of recording and managing the assets used by the sub-data processors of a processing activity.
- Address book for quick entry: also for the data processors and for the authorized ones we have added the address book function which saves precious time when entering data.
- Approval Badge: To enhance the collaborator's user activity, a badge has been added on the processing activities that highlights and reminds him of which are still awaiting approval.
- Visualization of processing activities: for each asset or for each element of the organization chart you have the possibility to view all the connected processing activities.
- Management of security measures: the management of security measures is faster, after having inserted them on a processing activity you can set them automatically for the future processing activities.
- Quick access to the app: the new "Login" button on the UTOPIA homepage allows you to open the application directly from the site.
- Unlimited Notes Fields lengths: You can write more detailed comments and descriptions in all UTOPIA known fields. They no longer have any limits on the number of characters to be entered.
- Modifying locations: to give more freedom to manage locations, you can now add or delete them on an already created registry.
Profile image, organization chart and company procedures
- Download documents: now download information and letters for authorized persons is immediate, just click on the '' download '' button directly from the list, without further steps.
- Profile picture: from today through the settings you can customize your account by adding, for example, your profile picture.
- Business procedures: in the organizations we have added a new section. Allows the upload of internal procedures adopted such as policies, guidelines and specifications.
- Graphic organization chart: from today you can download and graphically display the organizational structure of the company with a click.
- Data transfer guarantees: to facilitate the management of non-EU transfers, we have moved the guarantees section within the processing activity. For each third country or international organization you can indicate the expected guarantee.
Company logos, risk reduction and simplified record of processing
- User management: we have extended the range of actions of the collaborator user. From today you can browse in reading mode in all UTOPIA sections and thus benefit from a complete view on each activity.
- Simplification of the register: the processing activity registry as data processor has been simplified based on the latest indications of the Guarantor and eliminating mandatory fields not required by the regulation.
- Management of the sub-data processor: we have detailed the management of the sub-data processors, adding the possibility to indicate to which data processor of the processing activity are subordinated.
- Text search: the search function in each area of the application has been optimized. Now by clicking on the search button you can immediately type in the desired word without wasting time in further clicks.
- New sections for system administrators: Within the organizations page we have added a new section for system administrators. Here are indicated all the subjects, divided between authorized and data processors, who cover this role.
- Risk reduction: we have added, in the impact section, a new criterion for the application of security measures. From today, next to the reduction of the value of risk, you will find a new method of managing measures based on the reduction of probabilities.
- Opinion of the DPO: always in the impact section we have added an important text field where the DPO can insert its opinions and comments on the DPIA as required by the Art. 35.
- Data retention: we have also added the possibility to indicate if no retention of personal data is carried out.
- Enrichment Dashboard: two additional cards have been inserted relating to the data breaches that allow to have details about the data breach that have been notified or to the guarantor or to the data subjects.
Usability, security measures, user activity list and exercise of rights of data subjects
- Security measures: for each processing activity it is possible, as required by Article 32 of the GDPR, to indicate the technical and organizational security measures applied to ensure a level of safety relevant to the risk.
- Heading: starting from today, the insertion of personal data, such as data processors or DPOs, can be performed by looking for data from a global address book. In this way you save precious time.
- User activity list: we have added a new section in the left menu. It keeps track of all user activities, distinguishing between insertions, changes or deletions. For a more immediate search you can filter by user or organization.
- Quick access to the organization section: from today you can directly access the assets or organization while compiling the processing activity without changing the screen or making many clicks.
- New print models: we have greatly improved print templates for authorized persons, data processors and system administrators. We have also improved the models of processing activities registries.
- Organization data: access to organization information has been further facilitated and now the navigation menu is completely visible without having to move left or right with the darts.
- Explanation of impact levels: within the evaluation of processing activities we have inserted an explanatory note that helps to interpret the different levels of impact: low, medium, high, very high. Fundamental to use the assisted evaluation mode for the calculation of risk.
- Approvals page: starting today, verifying changes to processing activities is easier. We have inserted the possibility to filter them by register.
- Bug fixes and performance improvements: we fixed some bugs and improved the overall level of performance.
Calculation of risk on processing operation, printing templates, asset management and authorized persons
- Risk calculation: for each processing activity you can obtain, with a simplified and guided method, the general risk level. If it is high, UTOPIA invites you to draft the DPIA, automatically creating the register in which to proceed to the impact evaluation.
- Improvement of registers: from today the collection of data related to impact evaluations, privacy policies and data breaches is more orderly and intelligent. During their insertion UTOPIA indicates the exact destination specifying the existence of a register available for that data, and in case of absence, invites to create a dedicated one.
- Insertion of authorized to processing activities: now adding authorized persons on a processing activity is faster. In addition to single insertion, you can organize mass insertions starting from specific company areas, based on the structure of your organization chart.
- Attachments in the data breaches: starting from today the compilation of a data breach is enhanced with the possibility of attaching documents of any kind.
- Access to documentation: to deepen UTOPIA's functionalities you can access our support material directly from the left menu of the application. For each organization you can motivate, in the DPO Tab, the choice not to designate a data protection processor.
- Asset Grouping: from today you can group and organize assets by type or by owner.
- Improved layout and correction of malfunctions: we have improved the layout of some pages and corrected some malfunctions.
Co-ownership of the processing, sub-data processors and DPO data
- Sub-data processors: we have introduced the possibility to manage also the sub-data processors of a processing activity as indicated by the regulation
- Joint ownership agreement: you can add a joint ownership agreement to the joint controllers tab so that you can always get it by logging in.
- New export setting: we have added the possibility to choose the separator character used to export documents in CSV format. In this way, opening with Excel is easier.
- Improved layout and correction of malfunctions: we have improved the layout of some pages and corrected some minor malfunctions.
Choice of legal basis, collaborators authorization and documentation
- New fields: we have added new fields to the processing activities that allow an even more detailed identification.
- Conservation: we have added the possibility to indicate for each category of personal data, the retention period or, alternatively, the criteria that must be used to determine it. This change includes a fundamental requirement of the new regulation that requires to specify, for each processing activity and, for each category of data contained in it, the terms of conservation.
- Export of processing authorization document: also the print layout of the designation document has improved in content and a new template has been added completely dedicated to system administrators
- Export of authorization document to the processing activities: also the printing layout of the nomination document has improved in the content and a new model completely dedicated to the system administrators has been added.
- Function data processor as authorized: the function data processor can be added automatically to the processing activity without having to manually censor his data. To do this, simply indicate your tax code.
- Collaborators authorizations: a new way of sharing processing activities is available to users of the type collaborator. You can choose between 3 sharing modes: by organization, by register and by processing activity. None excludes the other and all together guarantee maximum flexibility and control over access management.
- Improved layout and correction of malfunctions: we have improved the layout of some pages of the app and corrected some minor malfunctions.
Processing operations, export of records and assets
- New dashboard: The new dashboard shows a complete overview of the status of the activities of all existing organizations and allows you to search and sort them according to different criteria and advanced modes.
- Improved export of registers: the export of a register can be done either from the list of registers of each organization or from the detail page of each individual register.
- New Process Field in Processing Activities: We have added the Process in Processing Activity field to allow you to detail how certain processing activities are performed.
- Asset repository: from now on it is possible to survey an asset without the need to refer it to a processing activity, but with the sole purpose of recording it in UTOPIA and using it in case of need. This type of asset will not be evaluated in the calculation of the % of completion of the data of an organization.
- Various improvements: malfunction correction and performance optimization.
Dashboard and UTOPIA Privacy Score
- New corporate asset filter: you can filter the assets of an organization so that you can focus on those that interest you.
- New app navigation mode: You can navigate the contents of the app using the forward and backward arrows in your browser. With a single click you can access the app screens (or specific sections of the app) and side tabs. Navigation becomes easier and smoother.
- Dashboard (BETA): The new dashboard shows the completion status of the different tasks you can do with UTOPIA. It gives you an overview of the status of your organizations and allows you to focus on the interventions that you think are necessary.
- UTOPIA Privacy Score (BETA): The privacy score indicates the quality of the privacy system and the risk to which the organization is exposed. It is the result of an algorithm that takes into account the following factors: completeness of information relating to the personal data of the organization, records of processing and, where there are privacy policies, impact assessments and data breaches.
- Various improvements: correction of some malfunctions and optimization of performance.
Percentage of completion of data, assets and rights of the data subject
- System of completion of activities: we have introduced a system of calculation of the percentage of completion of activities so as to understand, for example for a processing operation, how much work you still have to do.
- Disable the UTOPIA logo in the word documents: by accessing the new section Settings > Prints you can remove the UTOPIA logo from all documents produced by the app.
- External assets of data processors: from now on, it is possible to map assets that reside with data processors of a processing activity (e.g., from a service provider).
- Grouping of assets: to facilitate consultation of the assets, we have grouped them into: internal assets of the organisation, external assets from the data controllers (for the data processors) and external assets from the data processors (for the data controllers).
- Print improvement: we have improved the layout of some prints by removing from these optional and unfilled data, increasing clarity and legibility.
- We have also corrected minor malfunctions and improved the performance of the entire system.
Processing operations, register templates and impact assessment
- Processing Activity Register Model: For similar organizations, you can create a register from a model you set. From it you can create more for the organizations you want, saving valuable hours of work;
- Duplication of processing activities: you can duplicate an entire processing activity without having to manually copy all the data. From one register to another and also between registers of different organisations;
- Automatic DPO addition: when an organization has only one DPO it is automatically added to the processing activities, without doing it manually each time;
- Improved printing of registers: data that you do not fill in and that are not mandatory will not be included in the register. This makes it more compact and improves readability;
- Classification of economic activities: Processing activities register models and organisations have in common the type of economic activity that is used to apply a certain model to a given organisation. We have adopted the NACE Rev. 2 classification (L2). We suggest that you classify organisations correctly in order to use the register models;
- DPIA summary result: a new field has been added to specify the outcome of an impact assessment;
- Improved form content organization: We have improved the layout of the fields within the forms to facilitate consultation and improve overall usability;
- Improved domain deletion: exercise your right to be forgotten by destroying all your data even from our backups. To do so, go to Settings > Domain Destroy;
- New Asset type: Virtual Server
- We have also corrected minor malfunctions and improved the performance of the entire system;
Built-in catalogues, retention limits and data processor processing operations
- We have significantly improved the performance of the entire platform. From now on, the use of interfaces is more fluid and responsive;
- We've changed our management of processing activities retention limits. From now on you can indicate the limit alternatively by expressing it in terms of time or indicating the criterion of conservation;
- We have finally added new preconfigured catalogs to speed up data entry. Specifically: organizational chart elements, purposes, types of personal data, categories of data subjects, categories of personal data, categories of recipients, international organizations, risks, sources of risk, impacts, threats and security measures;
- From now on you can also save organizations with partial data if you don't have them immediately available;
- We have added a new type of asset: cloud software;
- In the view of the data processor you can view the processing activities related to him without having to search each time within the individual processing activities;
- We have removed some required fields from the referrals, DPOs, etc,
- so that you can add them even if you don't have all the necessary data immediately;
- From today you can add organizations not subject to VAT number;
- We have also corrected several minor malfunctions;
Management of authorized persons and creation of privacy policies
- You can finally manage the authorized of processing activities (former processors) by creating them one at a time or importing them through CSV files (comma separated values);
- You can also create your processing authorization documents in Word format (.docx);
- We've made a minor change to the records. From today you can also register international organizations.
- We have improved the process of creating and generating privacy policies by adding references to GDPR articles regarding whether or not consent is mandatory.
- We have also improved the overall performance of the system, introduced minor changes that improve its usability and fixed some malfunctions;
Data breach analysis, review of impact assessments and approval data
- You can conduct the analysis of a data breach and produce the documentation in Word (.docx), PDF or Excel (csv) format;
- You can review a DPIA by automatically calculating the next review date based on the set periodicity;
- We have added, in the register of processing operations, the data controller column in the case where the register is made as data processor;
- In the approvals, in each processing operation, the register to which they apply shall also be indicated so as to distinguish two apparently identical processing operations;
- We have enriched the asset catalogue and added two new ones: UPS and Telephone exchange;
- We have improved the overall performance of the system and introduced minor modifications that improve its usability;
Documents export and new information on data processor activities
- You can export an Impact Evaluation to Word (.docx) and PDF format. Simply go to the Impact menu, select the one you are interested in and click the Export button.
- You can finally produce information and consent in a few clicks thanks to the update system that remembers and takes into account, always, all the changes you make to the processing activities;
- For each Data Processor you can indicate for which activity he has been designated through a dedicated field;
- General platform improvements and bug fixes;
Improved organization and management of assets
- For each organization, from now on, you can specify if it also acts as a data processor or just as a data controller. In the first case, enter the data controllers in the new section Data Controllers and then you will be able to refer them inside processing activities.
- All companies that also act as data processors can also census external assets. External assets are physically located by the data controller or associated with it but managed by the data processor.
- Abbiamo migliorato l'esperienza d'uso e corretto alcuni malfunzionamenti.
Asset management and usability improvements
- You can easily create groups of assets of the same type
- We have also updated the list of Italian municipalities with the most recent changes
- We have improved the user experience when you upload a document
Improved management of the record of processing
- You can also export the processing activities registries in Word format (.docx)
- You can customize the layout
- You can turn it into a PDF file
DPO, designation of the data controller and compatibility with Internet Explorer
- You can indicate if the DPO is internal or external and also attach the service contract (in any format)
- You can manage the designations to the data controllers by indicating the data, any expiry date and attach the document (in any format)
- You can indicate where an asset is located and to which office it belongs
- UTOPIA becomes compatible with Internet Explorer 11
Collaborators management, right to be forgotten and improvement of approvals.
- You can centrally manage all collaborators directly from the Settings menu
- You can check the value of a processing field before modifying it: go to the Approvals menu, click on a processing and move the mouse over the modified field.
- You can exercise your right to be forgotten and request the destruction of all your data, even from our backups (only if you are the owner of the domain). Go to the Settings menu and click the icon at the top right of the toolbar.
- You can census organizations with registered offices in San Marino
- You can add to the assets of an organization the new type: Network equipment
- All changes to the processing operations are tracked. If you forget to save them, UTOPIA will inform you!