- GDPR Enforcement Revisited: GDPR compliance components, GDPR’s fundamental principles, data minimisation, integrity, confidentiality, security, accountability, transparency, GDPR rights, access to data, automated processing, erasure and data portability, breaches, fines, penalties, sanctions.
- Data Governance: Understand your data supply chain, generate data lineage and complete the documentation of data transformations.
- IT Governance. Governance tips: articulate responsibilities and accountabilities to manage policies for data classification, operations, document retention, secondary profiling uses, etc. ISO 29100 for the privacy framework. Introduction of the RACI matrix and a privacy maturity assessment tool.
- Data Discovery, Classification, Identification and Description. Compile a complete data inventory of personal, sensitive, or controlled data using our detection road map and classification framework.
- Managing Record of Processing Activities (RoPA) and producing the CRUD matrices. How personal data is identified to populate the RoPA, with interviews, flowcharts, technical documentation, workshops and eDiscovery.
- Policy Management: Appropriate and adequate use of transparency and accountability of data handling with configurable prompts and purpose specification.
- Risk-Based GDPR Compliance Implementation Steps
- Purpose-based compliance controls: Limit personal data processing to specified purposes grounded in the six GDPR-recognised legal bases. ISO 27701 controls.
- Facilitating Data-Driven DPIA: data protection impact assessments for high-risk use cases.
- Robust And Granular Access Controls: Prevent unauthorised access while enabling effective collaboration using configurable controls at the metadata, dataset, and sub-dataset level.
- Consolidated Data Subject Assessment: Manage consent, respond to data subject rights requests and satisfy data breach notification requirements.
- Generate a 360-degree view of the critical GDPR components related to the data subject.
- Data retention and deletion: Ensure that data is stored following appropriate retention schemes that meet the data subject deletion requests, across complex, distributed data and system landscapes.
- Dynamic Data Minimisation: Implement privacy by design and default to prevent unnecessary disclosure of personal data at our on-line seminar’s suite.
- Auditing for Accountability: Produce and support complete, interpretable records of data processing activities and decisions that affect data subjects to document compliance.
- Supervisory Authorities: Disclosing data breaches, mediation issues, best practices in keeping digital data secure, and jurisdiction
- Data Processing Agreements: DPA and ISA, writing a DPA and data-sharing agreement, subject-matter, nature, purpose, duration, processing, types and categories of data subjects, documented instructions
- International Data Transfers: Transfers in and outside the EE, with and without adequate protection, Privacy Shield Framework, Contractual clauses, Standard data protection clauses, “Ad hoc” clauses, Binding Corporate Rules
- Document compliance for Certification and Code of Conduct. Codes of conduct and certification mechanisms