
GDPR - How adherent is my organization? Tooltips and self-assessments

June 4, 2018 | February 28th, 2019

By @carlosborella

The European regulation on personal data protection, the GDPR (General Data Protection Regulation), was approved in April 2016 and became enforceable as of May 2018.

There are still open questions about the applicability of GDPR. In many situations companies may already have the controls needed to meet their compliance requirements, but some basic activities still need to be addressed in order to steer the organization.

Here are some actions that may help at first:

  • Awareness: identify business leaders and key people and make them aware of the potential impacts of GDPR (forums, workshops and similar sessions are recommended to clarify what GDPR is);
  • Stored / Processed Information: create an inventory of stored and processed personal information, with inbound and outbound mapping (sharing);
  • Privacy Policy and Rights: revise the current privacy policy to meet GDPR requirements and internally map where personal information is stored and / or processed, as well as the format in which it is held;
  • Response to requests for information: create / update the plan and format for meeting the deadlines and types of requests that may be made by competent bodies and / or clients;
  • Legal Bases: identify and document which legal bases support your GDPR compliance activities and subsequently update your privacy policy / notice;
  • Consent: assess whether the consents obtained for personal information comply with GDPR requirements. In particular, take care to obtain authorization from guardians when dealing with minors;
  • Incident Response: review and ensure the existence of means of detection, reporting and investigation in the event of an incident involving a breach of confidentiality;
  • DPO (Data Protection Officer): designate a data protection officer, defining where this new role will fit into the organization and its governance procedures.


Self-Assessment Tool Tips

In order to assist companies, some international bodies, such as ISACA, are making available on their platforms a tool that allows an initial assessment (or self-assessment) of the controls required by GDPR.

More information can be obtained at:

https://gdprassessment.isaca.org/

In addition, other self-assessment tools can be found and used to show your organization where it stands and where it is heading in relation to GDPR compliance.

More information can be obtained at:

https://gdprchecklist.io/

Finally, the ICO (Information Commissioner's Office) is an independent UK-based information rights body that provides a self-assessment tool organised according to the company's role in the processing of personal data.

More information can be obtained at:

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/

* Carlos Borella is Information Security Manager [SAFEWAY]


Want to know more about GPDR Assessment?

Contact us: [email protected]


About [SAFEWAY]

[SAFEWAY] is widely recognized as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on the following platforms:

● Archer from RSA Security, considered by the Gartner and Forrester institutes and by the market itself to be the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;

● [SAFEWAY] Security Tower, supported by IBM QRadar (Watson technology), tailored to each organization's security and cyber defense management needs;

● And others, involving technologies from Imperva, Thales, Tripwire and WatchGuard Technologies.
