Explore Group & Dastra
The technical support has proven to be excellent, with high responsiveness and relevant answers.
1. Introduction
In the context of this feedback, we had the privilege of interviewing Ms. Nguyen, who holds the position of Data Protection Officer (DPO) and Legal Expert at Explore Group, as well as Ms. Peritore, who is in a learning phase at Explore, in the summer of 2023.
Their role is to manage compliance with the General Data Protection Regulation (GDPR) within a Group whose subsidiaries specialize in the collection and processing of data (personal and non-personal) and the provision of qualified information to B2B clients in various sectors (real estate, construction, public procurement, etc).
They share their impressions on Dastra, focusing on crucial aspects such as the choice of the tool, the objectives, the issues encountered, the user experience, the observed benefits, and finally, their feedback on the use of audits and cookies.
2. Why choose the GDPR Software Dastra?
Before the arrival of Bao-Mi in 2021, a different GDPR software was used. When Bao-Mi took over the tool, she found it to be not very user-friendly and lacking in key elements, with a limited ability to achieve significant granularity.
It was crucial to map data processing operations as detailed as necessary, especially regarding the challenges related to sub-processors.
Dastra stood out as a highly ergonomic tool, offering a granularity that allows for exploration as in-depth as needed.
It is also easily usable for users whose profession is not specifically related to the legal field, such as those working in production, including professions that are not familiar with GDPR or IT.
Dastra is also recognized in this field, presenting didactic features and ease of deployment. Naturally, price remains a parameter to be taken into consideration, and adopting Dastra implies a significant cost.
However, it is considered justified, especially for companies operating in the field of data, as it offers a more thorough control and management of information.
3. Issues prior to Dastra
Before opting for the Dastra GDPR platform, Explore's main issues were ergonomics and better data control, especially concerning the identification and management of sub-processors.
The use of Dastra offers the possibility to centralize all assets and sub-processors, while facilitating the search for existing links. This approach proves particularly advantageous, notably in terms of ergonomics and quick understanding and management of data flows. From a data management perspective, Dastra allows for a comprehensive visualization of all related Data Processing (DP) activities. In case of potential breach, this functionality represents significant time savings, ensuring quick and effective responsiveness.
The role of the DPO is optimized through Dastra.
It enables comprehensive and operational handling of the legal aspect. This solution provides a strategic vision for the DPO as a project leader, aligned with the vision of executives.
Dastra also increases operational efficiency by facilitating tasks such as duplication and starting from a DP as a template.
From the subsidiaries' perspective, the integration of Dastra strengthens the company's position as a driver, providing an enriching experience. The subsidiaries can draw inspiration from the company's experience, thereby facilitating a deep understanding of processes and saving time. This approach promotes a positive perspective, both operationally and psychologically, by avoiding starting from scratch and providing a solid basis for continuous development.
This also helps to harmonize practices, share a common vision of GDPR within the Group, and have an overview of the Group's processing activities.
4. User Experience with Dastra
The user experience of the tool has been identified as longer than that of other tools, due to its complexity and increased precision, especially for those who are not accustomed to using such tools. This is due to the more advanced nature of the tool, which requires a more in-depth familiarization.
The initial training proved to be very effective, with a well-paced rhythm and clear, precise, and logical explanations. The interaction with the trainer has been enriching, and exploring the tool's features in detail from the start has been particularly beneficial in understanding the possibilities offered.
The summer period of user experience began with a first 4 to 5-hour day dedicated to reading and manipulating a data sheet. However, using a laptop screen made this task more difficult. Over time, familiarity with the tool increased, but it took about a week to effectively master the tool.
A notable mistake was not starting with the repositories and implementing data sheets directly. It would have been wiser to start with the mapping and cleaning of the repositories to avoid going back to old data sheets. The registry was finalized at the beginning of the year, with increased effectiveness in handling repositories.
Technical support has been excellent, with high responsiveness and relevant answers. The constant availability of assistance has been highly appreciated, facilitating quick problem resolution.
Dastra has significantly simplified processes once the tool was mastered. Some features, such as bulk actions for mass addition of sub-processors, have been highly appreciated despite their less intuitive accessibility, suggesting an improvement in the FAQ or search instructions.
Extracting the registry has been a sometimes tricky process, requiring special attention to selecting the appropriate items. The repositories have been easy to handle, with a logic based on datasets, simplifying data processing.
Regarding breaches, the tool is not currently used, as Dastra's automatic analysis, based on specific criteria, may differ from the analysis performed by internal teams. However, it remains an interesting tool to quickly determine whether a breach needs to be notified or not.
The DTS exo module, although not yet implemented due to lack of time, was a selection criterion for Dastra. Automating the receipt of requests through a form and response templates will be a significant time-saver. The prerequisites have been well received internally, anticipating a well-perceived request management tool.
5. Benefits of using Dastra
The main strength of Dastra lies in its extremely precise data control. It offers the possibility of having an overview of all processes, tools, and data. By simplifying and facilitating the creation of a significant portion of the documentation, Dastra allows for accomplishing much in a short time.
The deployment of Dastra within a group brings significant added value, with remarkable efficiency. The direct consequences of using Dastra are multiple: time savings, improved efficiency, overview, harmonization of repositories and practices.
The solution allows for staying informed about any new data processing or activity, which was previously challenging. This centralization of information facilitates the management of Data Processing Agreements (DPA) within Dastra, thus contributing to more effective contractual management.
The resources provided by Dastra, both in terms of monitoring and document templates, are excellent and extremely useful. This quality information contributes to aiding the daily work of the DPO.
Dastra stands out not only for its remarkable efficiency but also for its attractive and pleasant design.
The graphics and dashboards are not only performant but also aesthetically pleasing, offering an overall positive user experience.
6. Use of Audits and Cookies
Audits are used to assess suppliers' compliance and for Data Protection Impact Assessments (DPIA).
Creating custom questionnaires on security and GDPR compliance makes it easier to send them to suppliers via a link integrated in email.
The key advantage is the customization of questionnaires, with the ability to adjust questions based on previous responses. The question templates simplify creation, and the module is comprehensive and intuitive.
An ongoing project aims to develop a questionnaire to assess employees' understanding of GDPR issues.
As for cookies, the module may seem complex at first, but improvements have been made. The customization of the cookie banner has been enhanced to allow for more effective management, offering a convenient preview.
7. Conclusion
Overall, Dastra offers a comprehensive, visually easy to grasp solution, with easily accessible datasets.
The global overview of the registry is particularly appreciable. The combination of Dastra's pedagogy and documentation has proven to be very useful for progressing and revisiting concepts. The explanatory videos are practical for an effective tool adoption. Importing processes through a template is convenient, and the responsive live chat support allows for rapid progress.
The software, although comprehensive, remains pedagogical and easy to understand with the help of informative tooltips and videos. Users quickly feel empowered on the solution. The benefits offered by Dastra, such as facilitating compliance and saving time, are notable. Creating processes, audits, and exporting are simplified. Dastra stands out for its comprehensiveness and pedagogical approach, offering an overview that is not always present in similar software.