Data protection compliance with Metasoul

What is the basic process in Metasoul?

To make the fulfilment of data protection requirements as easy to understand as possible, there are two core elements in Metasoul: the company profile and task management.
When you enter Metasoul for the first time, you will be taken from the introductory sequence to this Company profile guided. Here you answer basic questions about your company and related data protection issues. Some content in the various Metasoul modules is already created from your information.

More important than the content, however, is the Task management, which should now be your central point of contact for all tasks that still need to be completed. Basically, all you need to do is gradually complete all tasks in the task management system. The respective tasks will tell you what needs to be done and you can be forwarded directly to the relevant area. Once completed, the task closes automatically.

As not all documentation can usually be recorded automatically despite the company profile, you will also see tasks such as „Complete VVT and confirm completeness“ or „Confirm completeness and correct implementation of TOMs“. Here you, as the person who knows the company better than Metasoul, must ensure completeness. But don't worry, as with almost all more complex topics, there is a blog post like this one. These „How-Tos“ are already linked directly in Metasoul and lead you to easy-to-understand instructions.

Work your way through the task management until there are no more open tasks and you have completed all Metasoul modules.

This is where the bad news begins: You are not finished and forever „data protection compliant“ as you will receive new tasks at regular intervals in which you will be asked to check that the documentation is up to date and make any necessary changes.

The good news is that this is exactly what the GDPR requires and you fulfil the expectation of recurring reviews. It also lays the foundation for ensuring that your documentation, order processing contracts and data protection guidelines are always up to date and therefore data protection-compliant. 

What's the deal with „Completing steps“ and „Marking as complete“?

Data protection documentation is a living document that is basically never „finished“. Every time something changes in the company in terms of tools, service providers or service offerings, data protection is usually also affected. Nevertheless, at some point you have to define that you are complete at a certain point. With Metasoul, we display this as a separate button in the modules, which you can use to let us know that you have completed the entries in a module to the best of your knowledge and belief. Only you can determine this point of completeness. If you mark a module as complete, a timer will start to run and you will be reminded after a few months to check that everything is correct.

You will find a similar function in the VVT processes stepper. Here you can „finalise“ individual steps. When all steps have been completed, a VVT process counts as „fully documented“.

What if I don't know what to do next?

If you get stuck and reach a point where even our blog posts can no longer help you, let us know. You will find a question mark at the bottom right where you can give feedback or ask questions. We will gladly try to help you in this way.

Conclusion

Metasoul is a tool that greatly simplifies your path to data protection compliance. While you answer simple questions about your company in the company profile and thus lay the foundation for relevant data protection documentation, you always know what to do next thanks to the task management as a central element. Our blog posts are a good way to help you better understand the „how“. If you ever get stuck, contact us via the support function on our platform.