Policies – part 2… from principles to processes

Online GDPR staff training – free sample https://dataprotectiontrainingcentre.com/demo

Find out more about developing effective policies, procedures and processes with Daragh O’Brien…

The GDPR sets out 7 principles which give a high-level overview of what you need to consider as an organisation. To bring maturity to your risk governance framework, organisations should think about how these principles are applied to their data processing activities. The most effective way to carry out this exercise is to develop a hierarchy from principle right down to the processes in your organisation.

The most appropriate way to develop this hierarchy is to move from principles to policies, from policies to procedures and from procedures to processes. These processes determine how good data processing practices are enforced, and KPIs can be put in place to measure the outcomes of your processing activities over time.

Once again… organisations should think about how the principles will be appropriately applied to the processing activities in your organisation, e.g. how long should you retain a customer’s data. Once you’ve done this work, policies can be developed for each processing area and written in plain language. These policies should reflect how the principles have been interpreted in relation to your processing activities, e.g. we will retain customer data for a period of 2 years.

These policies are then mapped to or reflected in procedures within your organisation, and these procedures are then executed through processes. This hierarchy should be documented and show a clear mapping between each area. This mapping allows organisations to evolve their processes over time in a holistic way and to reduce risk by having more oversight and control over their policies, procedures and processes. This type of mapping document also acts as a very useful artefact should your organisation ever interact with supervisory authorities.

Subject Access Requests

Subject Access Rights are the single biggest obligation that could overwhelm organisations. While Subject Access Requests, or SARs, are not a new concept in Data Protection, data subjects’ rights have changed somewhat under the GDPR. Article 12 of the GDPR ‘sets the tone’ for it all, and in the case of SARs the time limit to supply data has been reduced from 40 days to 1 calendar month or 30 days. No charge can be made to supply this information, and access requests can be made electronically. Organisations must be able to supply information about where the data came from, the purposes of processing, who the data is shared with and where the data resides geographically.

In this video Clare Murphy of Castlebridge Associates explains the easiest way to deal with Subject Access Requests…

Want to know more about Data Protection and the GDPR – view 2 videos on both on https://dataprotectiontrainingcentre.com/demo

The principle of Accountability

The principle of Accountability is one of the biggest changes in the GDPR. This principle means that it is not enough just to have strong Data Protection strategies in place; organisations must be able to demonstrate that they have strong Data Protection strategies in place.

In this video Daragh O’Brien discusses the implications of this change…


The GDPR & Consent

Obligations around obtaining consent have become stricter under the #GDPR. This includes the obligation to get distinct consent for each specific purpose for which you obtain data. It is also very important to record the versions of the language or text you use to obtain consent over time.

In this video Clare Murphy of Castlebridge Associates explains more…


Want to know more about employee training to prepare for the GDPR – view 2 videos for free https://dataprotectiontrainingcentre.com/demo

#GDPR – The business opportunity

Most organisations view the GDPR as yet another hoop to jump through to do business… But are they missing an opportunity? Quite apart from companies who place respect for their customers’ data front and centre, there are opportunities for all organisations.

In this video, Daragh O’Brien discusses the business opportunity in Data Protection…

See what people think of our training https://dataprotectiontrainingcentre.com/#review

#GDPR – Data Protection and Data Security

Know your Data Protection from your Data Security? While information security standards such as ISO27x map very well to the GDPR, they are distinct skill areas.

In this video Daragh O’Brien discusses the difference between the two and how they should work in tandem.