Are you ready for the General Data Protection Regulation?
Data Privacy Impact Assessments and establishing a Compliance Framework
The GDPR places a specific requirement on organisations: data controllers must implement appropriate technical and organisational measures to ensure, and to be able to demonstrate, that processing is performed in accordance with the Regulation. Those measures must be reviewed and updated where necessary.
This requires organisations to adopt and implement a compliance framework, a structured set of policies, practices and processes that together bring about and evidence compliance with the Regulation.
A typical privacy compliance framework will be made up of three core categories of activity, namely people, process and technology.
The framework must cover all activities that involve the collection, use or other processing (including deletion and modification) of personal data. The framework must contain:
- Objectives (SMART)
- Key processes: incident management, change management, corrective action, risk management and continuous improvement (PDCA cycle)
- A Personal Information Management System (PIMS) and an Information Security Management System (ISMS) aligned with ISO 27001, covering the confidentiality, integrity and availability of information
- Processes mapped to roles: RACI charts (Responsible, Accountable, Consulted, Informed)
- Data Privacy Officer (DPO)