Iconfirm - operational privacy
Embed into operations to ensure efficient and effective privacy
Independent collaboration hub for practical privacy
When real privacy matters
Iconfirm is a secure platform for the processing of personal data. As a specialist, Iconfirm follow the development of privacy regulations and their interpretations closely and the concern about details and nuances is also reflected in the technology. Nevertheless, solutions must be practical in order to have an effect.
The features offered ensures privacy with a high degree of precision and quality. Together, they can provide a unique overview and control - both within your own organization and across the value chain.
Our technology, your security
Document
The regulations require organisations to document what personal data they process, as well as why and how the processing takes place. The Iconfirm solution helps to structure and document this in a logical and dynamic way.
Inform
Transparency is a key principle in the regulations with clear disclosure requirements. The organisations that offer people clear and specific information and are able to manage their rights, builds trust.
Governance
Most processes contain personal data, information that either directly or indirectly can be linked to a person. These processes are at the core of an organisations cash flow and, thus, value. Hence, privacy is essential for sustainable business models and building and maintaining trust of your customers and users.
GDPR states that an organisation must be able to demonstrate compliance. More and more investors are using ESG ('Environmental, Social and Governance') criteria in their assessment of investment opportunities.
Iconfirm makes it easier to demonstrate this compliance, to individuals, customers, auditors and authorities.
Save time - Ensure quality - Build trust
Ad-hoc reporting increases the risk of errors and often results in poor precision. At the same time, it is inefficient and creates duplication of work. Reuse of data directly from the source ensures quality and integrity.
Resolving tasks where the knowledge sits
Documentation
GDPR require high standards and comprehensive documentation. At the same time, it is very difficult to know what processing is actually taking place in different parts of the organisation. Iconfirm facilitates that the preparation and maintenance of the documentation takes place by those who has the knowledge.
Daily operations
Integrating Iconfirm into the operations makes it easier to log continuous compliance. For example, obtaining consents, fullfilment of the data subjects' rights such as transparency, erasure and rectification. Iconfirm also makes it easier to process requests for access or data portability. For those that need additional security, we can help store and protect data and manage flows.
Collaboration in practice
An operational line organisation knows best how they actually use a system; for what purpose and on what basis. The systems provider knows best the information about security of processing, sub processors etc. The Iconfirm vendor management solution allows those who knows best the opportunity to maintain the relevant data. All information is available in a structured form so that it is easy to create consistent documentation such as records of processing activities and data processing agreements that meet the needs of both the data controller and the data processor.
Another example is in the event of a data breach where effective collaboration is important. The data processor shall report to the data controllers, who in turn must consider the need to to notify the authorities and affected data subjects. Here it is important to have good and uniform communication and cooperation on necessary measures to close the breach and mitigate the effects.
Another example may be the notification obligation regarding rectification, erasure or restriction of processing where the data controller shall notify all recipients to whom data has been disclosed.
Data Controller
When those with operational responsibility can document their activities in a decentralised way, it creates better engagement and precision without losing the central overview.
The software provides the data controller with a suite of services that are continuously developed to meet the requirements of the regulations with a high degree of precision. This reduces the risk of non-compliance and breaches of privacy.
Data processor
Iconfirm has a special subscription for data processors that meets a number of the requirements imposed on the data processor. E.g. maintaining details about the processing done on behalf of specific controllers enable the processor to appropriately obtain consent for the change of sub-processors or provide timely reporting of audit documentation in an efficient way.
The Data processor will also have access to all functionality needed to manage the requirements where they have controller responsibilities.
Data subjects
Iconfirm has developed its own Privacy Portal where individuals can manage their consents, rights and privacy dialogue with the Data Controller. At the same time, it ensures an easy way for the Data Controller to manage the processes and document all activities. This builds trust and confidence in the relationship.
Gains
- Consistent documentation and enhanced integrity
- Dynamic link between processes, systems and categories of data subjects gives good overview
- Templates and examples for easier onboarding
- Structured, continuously updated and readily available information
- Easier and uniform follow-up across the value chain
- Communication, tasks and notifications
- Incidents and breach reporting
- Subject rights request resolution
- Audit eports and security documentation
- Time stamps and logs to document continuous compliance
- Internal and external reporting
Software as a Service
Technology
Iconfirm is designed for the secure processing of patient data with privacy by design and default principles deeply embedded into the software's code and logic. The secure platform was caved out from the Nordic region's leading collaboration platform within private health, which is currently used by the largest banks and insurance companies, as well as over 1,300 hospitals and clinics.
The solution is robust and scalable and has been in continuous operation since May 25, 2017.
Languages
The Iconfirm solution is currently supporting the following languages:
- English
- Norwegian
- Swedish
- Danish
Internationally recognised innovative solution
PwC Germany Legaltech scale programme
(1 of 8 selected ager screening 750 startups across Europe)
Use examples
Records of processing activities
Detailed records on the basis of information from process overview and systems register.
- Ensure consistent information
- Between controller and processor
- Data Processing Agreements and the Records of processing activities
- Delegated maintenance to line organisation for efficiency and quality.
- Excel report
Systems-/recipient management
Structured and detailed information on systems, processors and third party recipients.
- Documentation
- Specifications of nature of processing and categories of data
- Technology, security of processing, subprocessors.
- Links, attachments and audit instructions
- Contact details to key personnel
- Contains all needed information to complete data processing agreements
- Quality assurance prior to new technology is implemented into organisation.
- Role based access
- APIs for integrity in data processing
Consents
Verified consents
- Data subject authentication
- Good solution for the handling of parental/legal guardians confirmations
Central register
- Central register for efficient consent management, overview and control
- Complete overview of all consents with search function and filtering
- Always updated and complete
- Detailed logs and full versioning
Integrity
- Limit processing until valid consent can be documented
- Synchronise across multiple applications
Data subject rights
Structured process for efficient workflow and swift response
- Secure communication and sharing of information
- Notifications and detailed logs
- Efficient collaboration with third parties
- Flexible scope
- Quality assure progress and follow-up
- Opportunity for automation
Data processing agreements
Autocomplete Data Processing agreements on the basis of information in the systems register.
- Standard template ancored in European Data Protection Board by the Danish data Authorities.
- Consistent information
- Between data processor and controller
- Data processing agreeement and records of processing activities
- Ensure effective fulfillment of the agreement - over time
- Change of subprocessors
- Security documentation and audit reports
- Overview and control of all data processing agreements
Document center
Ensure efficient access to all relevant documents
- Policies and Instructions
- Specific privacy notices per category of data subjects
- Specific and granular consents
- Confidensiality agreements
- Power of attorneys and confirmations
- Links to other systems and documentation (Risk assessments and DPIAs)
Special functionality
- Easy online publication (passive)
- Active notification via SMS/email (logged)
- Integrate in data flow / customer journey
- Full versioning
Incidents
Utilizing the platform infrastructure and reuse of structured information already collected facilitates:
- Easy to report, swift response
- Own organisation as well as data processors
- Quick overview over consequences
- For larger incidents, there is an opporunity to make updates and versioning as the case progresses
- Action oriented
- Audit log
- Reporting/Notifications (under development)
- Response team
- Authorities
- The affected
Risk assessments and mitigating actions
Many businesses have good tools and procedures for risk assessments. Very often these are oriented around the business' risk. In privacy, it is the risks for the Data Subject that are important. Using a common solution for risk assessments, the two may easily be confused.
Iconfirm has made it easy to make risk assessments and implement risk-reducing measures linked directly to systems or processes.
- Gives good opportunity to assess information security risk on systems while considering the risks of breaches of privacy principles and subject rights in processes.
- Easier to focus on the data subject's risk.
- Connection to the incident module
- Mitigating actions with deadlines and follow-up. Also possible to set recurring measures with notification.
- Support for templates. Resource bank on risks and effective measures under development.
Integration and automation
Ensure effiency through integrations with key work applications, allowing personnel to work in a familiar environements
- Automate documentation processes in the background
The solution is well prepared for integration into excisting work flows and procedures
- Adapters and APIs for automation across multiple applications
- Data exchange and file share integrity
- API keys for easy and secure authentication
Simply
Ensure privacy without disruption to daily operations.
Secure
A secure platform originally designed to process patient data.
Trust
Transparency and efficient response are key to build trust and confidence.
Compliance
Automated logging of activities and task resolution.
Advanced data management
Personal identifiers
Use ICONFIRM to segregate and distribute personal identifiers
- Pseudonymisation and split processing.
- Privacy by design and default
- Great flexibility where each client can define which personal identifiers are processed for which categories of data subjects, purposes and in which underlying systems.
Secure storage
- The solution is designed for secure handling of patient data.
- Every client has own encryption key. Key vault encrypted as well.
- Out of the box solution for privacy by design and default.
