What is complyThing?Julie WhitingMarch 4th 2019
With GDPR in action, many organisations are looking for something that will help them to keep compliant to this important regulation and avoid fines and a damaged reputation. We spoke to our D365 Solution Architect, Nathan Hawkins, who has been involved with our product, ‘complyThing’, from the very beginning. So, what is complyThing?
Quite simply, complyThing is an app that has been built on D365. The purpose of this product creation was to help organisations manage data governance and compliance of any auditable or certified processes. Sound good? Read on...
Building products is something we do at cloudThing, but it’s not at the core of our business.With that being said, what lead to the creation of complyThing? We are a software house who deals with some large organisations and so we daily deal with the data sets that they share with us. In order to use this for testing and development, we make sure that we holdall of the relevant certifications to prove that we are capable of doing just that- this means that organisations can trust us to safely handle the data provided. Getting these certifications must be easy then, right? Think again, these certifications can take quite a bit of time to achieve and require a lot of man-power to keep them up-to-date when it comes to making sure that our processes are documented and auditable. We were having to manage this on Excel spreadsheets and paper-based systems and therefore, found it difficult to monitor them efficiently on a monthly basis. The biggest issue was in monitoring the updates and making sure there were completed by the date they needed to be.
After finding the processes that we needed, we started to implement some of them into Dynamics which made it slicker and easier to monitor and see where we are in the certification process. This made our lives significantly easier and so we thought that it could be helpful for other organisations in the foreseeable future. One of our certifications, ISO 9001, is not specific to our IT sector and so it is achievable by most businesses. By releasing this tool, it could help other businesses monitor their own certifications.
What complyThing won’t do is look at software and data within a company and decide if it’s sensitive or GDPR compliant. Unfortunately, it’s not a magic wand but it’s close enough when you look at what it will do! The purpose of this tool is that we have pre-defined a set of processes in different areas depending on the certifications that you are looking to achieve so that you can monitor and maintain the data that you have. complyThing makes sure that all the boxes are ticked, that you’re doing things as they should be done, and you understand what data you hold, who it’s shared with, who has access to it and who the controller is. Therefore, it’s really effective in helping someone manage their data as needed and required by the GDPR, rather than discovering if the data is sensitive etc.
Anyone within the business who is in charge of maintaining data and certifications would find this tool the most useful. So certainly DPOs, data controllers, data processors would use this to its full capacity and with all that in mind,it’s built on Dynamics365 where security is flexible in the sense that you can control who sees what data and who has what access. All of this is controlled in the tool itself! The positive about this is that it’s locked down, meaning that it’s a high field so people shouldn’t be able to explore/see any data that they shouldn’t. This will inevitably make it easier for when Subject Access Requests come in and you will be able to tailor the tool to how your business needs to react to these requests.
complyThing is a product so naturally it will mature. It’s currently in its infancy stage but we’ve put it out there as we start to use it. It’s a good start for anyone trying to manage data governance etc and we are planning to develop it into doing daily tasks like risk management and managing audits. We’re also hoping to have regular updates on a monthly basis to bring a new functionality, as and when it’s implemented.
It can actually be bought as a stand-alone app or if you already have Dynamics, you can just purchase a license from us and have it as a bolt-on into your existing D365 system. Again, it will only be visible and accessible to your users that you grant permission to. It’s a great example of D365 and what’s mis-understood sometimes it that this system is just for Sales and Marketing- it's not! It can be used in lots of different departments in order to make processes quicker and more efficient, and to get rid of spreadsheets! So, it is great for anyone to use!