Under normal circumstances, if you have not done substantial data security or risk assessment, you may not be aware of any IT Risk scenario but to accomplish GDPR requirements, it will mean a ...
If you are implementing GDPR for your organization, what’s the know-how?
Under normal circumstances, if you have not done substantial data security or risk assessment, you may not be aware of any IT Risk scenario but to accomplish GDPR requirements, it will mean a wild-search of the entire organization to capture all organization structure and resources including policies, processes and systems. Follow a methodical way to find the starting point and jump start may be where you can explore using the Self-Assurance package; it goes by;
1. Understand thoroughly GDPR requirements/criteria, the Do and Don’t, as well as the exception or not-applicable.
2. Scope out information in your business that is direct or indirectly relevant to GDPR criteria
3. Determine the supporting business processes that adhere to your business, flow right from the source till the end, where information or data may be decommissioned
4. Identify the system inventory (including interfaces, internal and third party’s systems) that support the above business processes
5. Map out a data-flow diagram between business processes and their supporting systems
6. While doing the mapping, determine the gap (areas missing or not meeting GDPR requirements) but do not rush into fixing them without a holistic picture.
7. Analyze the business impact of the gaps and prioritize them in a list
8. Document the activities/detailed tasks around the gaps and determine the potential compensating controls that can explain to a reason (always include business or process owner as part of the effort)
9. With the reduced prioritized list from above, determine the mitigation needed but do not rush into implementing them
10. Go back to the data-flow diagram or data-mapping table, map out the data-points. Sieve through the areas where compensating controls or mitigations are not enough or insufficient.
11. From Step 10, determine the cost-effective plan to remediate them. Make sure the project is funded and has the management oversight over the key-milestones and deliverables, and there are sufficient project documentation.
Having understood the above, you can start utilizing the EU GDPR self-assurance package to jump-start.
Start your effort with the following, at a price of SG$4,868/- Nett
1. EU GDPR Compliance Gap Assessment Tool
2. EU GDPR Compliance Toolkit
3. Data flow Mapping Tool
4. Distance-Learning GDPR Foundation and Certification
5. GDPR Staff Awareness E-Learning up to 10 PAX (more can be accommodated, price may vary)
6. 2 days of Consultation/Workshop to learn the technique of applying the above to jump start your effort through the nine steps (see below).
Click for your inquiry. We are always glad to assist you.