Preparing for the GDPR: Attaining and Demonstrating Compliance · Free GDPR Compliance Toolkit
• The EU General Data
Nymity is a global data privacy compliance research company specializing in accountability, risk, and compliance software solutions for the Privacy Office. Nymity’s suite of software solutions helps organizations attain, maintain, and demonstrate data privacy compliance.
• We envisage three types of organizations in 2018:
1. Those who are non-compliant
2. Those who are compliant
3. Those who are able to demonstrate ongoing compliance
• Snapshot of a given moment in time (compliant) vs. readiness to deal with changing circumstances because the fundamentals of the policy are sound (ongoing compliance)
• Free tools available today at www.nymity.com/GDPR-Toolkit
Article 5 Principles relating to personal data processing
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
The controller shall be responsible for and be able to demonstrate compliance with paragraph 1 (“accountability”).
Understand Accountability under the GDPR
• Replacement of the obligation to register with DPA
• Understand your data processing operations on an ongoing basis: Both what and why
Accountability Approach to Demonstrating Compliance
Structured Privacy Management is embedding ongoing privacy management activities throughout the organization, resulting in the ability to demonstrate accountability and compliance with evidence.
Privacy management activities have been implemented and are maintained on an ongoing basis.
RESPONSIBILITY
Privacy management activities are embedded throughout the organization within each function or business unit that processes personal data.
OWNERSHIP
Documentation is produced as a result of a privacy management activity that can be used as Evidence of accountability and compliance.
Privacy management activities are ongoing procedures, policies, measures, mechanisms, and other initiatives that impact the processing of personal data or that relate to compliance with privacy and data protection laws.