GDPR Accelerator
Leverage the ServiceNows® platform with BECK to be completely GDPR confident. We have partnered with Wrangu to bring you a GDPR accelerator to provide the best results for our clients.

The Wrangu GDPR Accelerator provides current and potential ServiceNows® clients with ready to deploy applications to rapidly advance it's GDPR program

The package contains modules to support key articles of GDPR such as the Data Protection Impact assessments, Subject Access Requests and Data Breach reporting. These Wrangu GDPR applications can be used independently but bring more value when combined with the strength of ServiceNows® Policy and Compliance application, Risk Management, and Security Operations.

GDPR Portal
Subject Access Request
Request Access to Data
Key Features
Integrates seamlessly with ServiceNow® Policy & Compliance, CMDB and Security Operations
A ServiceNow portal providing user engagement to support Subject Access Requests as well as act as an entrance point for employees engaged in assessments and impact assessment screening.
Subject Access Request fulfilment (SAR) module
Comprising of a front-end exposed via the above-mentioned portal the SAR module provides a generic accelerator for the requirement to allow and respond to Subject Access Requests.

The module is shipped with workflows to support the various SAR types, currently provided are;

• Request for PII data

• Request to have PII data rectified

• Right to be forgotten/data erasure

• Provide consent

• Withdraw consent

• Submit an objection

Data Protection Impact Assessment (DPIA) module
Provides ability to perform a DPIA screening questionnaire for new projects or existing assets. Key components of the module include: Capability for 3rd Party vendor assessment, configurable risk calculation engine and dynamic workflows.
Record of processing activities module
Article 30 of the GDPR requires the documentation of processing activities under its responsibility. This module provides the necessary structure and relationships to allow for this record. Key components of

this module is:

• Records within this module document the appropriate contact details of various data controller personnel as well as the Data Protection Officer

• The purpose for processing can be configured based on the customers' needs via the administration module

• Provides the ability to relate a record of processing directly to services or configuration items within the ServiceNow CMDB

• Contains the many distinct pieces of information required to satisfy the GDPR Record of Processing Activities requirement

Data Breach Incidents module
Provides the core functionality required to show compliance to article 33. Key components of this module are:

• Supports a standard process to support the Analysis, Containment, Recovery and Review of potential or real data breach events.

• Tracks the various data elements required in the reporting of data breaches to supervisory authorities

• Seamless integration with ServiceNow® Security Incident Response module

• Fully configurable to clients' needs

Ability to document information layers
The classification of the CMDB (Asset) data to identify Configuration Items (CI's) that process or store PII data. Key components of this module are:

· The ability to map low level CI's holding GDPR relevant data to customer or employee facing services gives the ability to ensure the correct assets are targeted with the correct control tests.

· The information layering capability provided in this solution forms the basis for automation in the area of data collation in preparation for responding to a Subject Access Request

· In cases of Security Operations if an organization becomes aware of an attack on it's assets by an adversary, if the CI's (or their relations) are relevant to GDPR containment and eradication they can be correctly prioritized.

Administration module
Administrative configuration elements and data properties influence data presented to the user in the core modules SAR, DPIA, Record of Processing Activities, and Data Breach Incidents. Key administration

modules are:

• Information Categories and Layers

• Legitimate Processing Interests

• Data Subject Categories

• Information Transfer Methods

For all queries, sales information and more, please reach out to our operations team at:
We look forward to sharing our vision with you!