
Best Practices to Create a Data Inventory & Meet GDPR Compliance


January 24, 2017

Privacy Insight Series


- truste.com/insightseries

TRUSTe Inc., 2017



Today's Speakers
RAY EVERETT
Principal Consultant (US), TRUSTe

VERONIKA TONRY
President, Privacy Know How, former Global Privacy Manager at Chevron and Applied Materials

GUY SEREFF
Corporate Counsel, Level 3 Communications


Today's Agenda

Welcome & Introductions


Getting Started

Executing
Next Steps
Q&A


Getting Started
Scoping, Resourcing, Organizational Buy-In

Guy Sereff, Corporate Counsel, Level 3 Communications


Scoping the Data Inventory Project

Determine the organization's objectives


Compliance with specific frameworks?
Developing a new Privacy Program?
Refreshing an existing Privacy Program?

Identify logical business units


Resourcing the Data Inventory Project


Identify roles and responsibilities BEFORE any work begins
Project Manager
Business Unit Leads
Subject Matter Experts

Set realistic expectations for the level of effort required to complete the project


Organizational Buy-In
Data Inventories can be used throughout the organization
Legal and regulatory compliance
Identification of application and storage redundancies
Guide for developing information security framework
Introduction or reinforcement of Privacy by Design concept for application lifecycles
Identification of new data types and uses

Compliance with GDPR is going to be difficult without a current Data Inventory
Privacy Impact Assessment requirements
Demonstrable compliance
Required data processing registries

Compliance requirements for wholly automated decision making


Data subject rights

Execution
Discovery, Documentation, and Analysis
Veronika Tonry, President, Privacy Know How


The key to a successful GDPR implementation


Best Practices
Adapt the discovery to your company culture
Intake Process

Do your homework before you interview the organization


Be clear around expectations and define the terminology
Have examples of processes ready
Develop a methodology to execute efficiently

Document to identify risks and make decisions


Identify high risk processing and evaluate impact
Classify your data: Individual information elements + combined data sets
Develop action plans from the analysis and findings


Next Steps
Turn Findings into Action, Keeping a Living Inventory
Ray Everett, Principal Consultant, TRUSTe


Translating the Data Inventory into Action


Inventory should point to many action items
High risk data elements
Data repositories that need monitoring, controls, policies
Access and External Transfers that need monitoring, controls, policies
Vendors/Partners requiring contractual language, reviews/audits, controls

Maps should point to processes that need regular scrutiny


Gaps in controls, policies
Processes that need new/periodic PIAs

Maps should identify vendors who need periodic audits

Inventory and Maps should also


Support the case for resourcing

Identify your Privacy Committee members



Map Your Team, Team Up on Mapping


Institutionalize your Map with a Privacy Committee
People ignore documents; they can't (always) ignore a recurring meeting
Privacy Committee agenda driven by action items, PIA reviews and Data Inventory updates

Inventory Drives Initial & Recurring Actions


Define and build support for action items
Review progress and results with the Privacy Committee

Integrate Data Map updates into PIA for products/services/vendors


Bottom-up updates
Changes to flows may ripple across organization in unexpected ways

Define a Cadence for Review/Refreshment


Top-down updates
Keep all stakeholders informed of strategic changes, impacts to their business units


Questions?


Contacts
For more information on Data Inventory examples, schedule a consultation:
https://www.truste.com/business-products/privacy-consulting/data-inventoryand-classification/contact-us/

Ray Everett: reverett@truste.com
Veronika Tonry: veronika@privacyknowhow.com
Guy Sereff: guy.sereff@level3.com


Thank You!
Register now for the next webinar in our 2017 Winter/Spring Webinar Series on February 23 - Privacy Shield Self-Certification - What's Next?
See http://www.truste.com/insightseries for the 2017 Privacy Insight Series and past webinar recordings.
