Governance, Risk Management, and Compliance blog

Personal Data Protection - How Hard Can It Be?

Monday, 05 December 2016 / by Jakob Holm Hansen

Haven’t we had enough? It feels like there’s been an endless stream of GDPR offers lately. Courses and certificates, as well as attorneys and consultancies which offer an array of services. Services which are then presented as absolute necessities in order not to be hit by enormous fines as soon as May 2018 hits us.

Of course proper protection of our personal data is vital, and it’s important for companies to comply with the law, so perhaps this barrage of offers is justifiable. But then again, just how difficult can it be to comply with the EU’s new general data protection regulation?

Responsible Shortcuts

I’ve always been a fan of putting things into systems or software – or, even better, cloud solutions – and trying to simplify things as much as possible. I sometimes call this principle of simplifying “responsible shortcuts”. It is based on my belief that too many companies spend too much time trying to perfect their process before they even start. For most companies, it is far more beneficial to simply get a process started and then improve it along the way. These principles work really well for any ISO 27001-based project and, in fact, for information security in a wider sense. However, as citizens, we want our information to be protected in the best way possible, and the term “shortcut” might make us hesitate. The question is then: can you take responsible shortcuts when it comes to personal data protection?

The answer is yes, with emphasis on the “responsible” part. These principles of responsible shortcuts and simply getting a process started are always useful, because every time a company starts to improve the protection of the personal data it is responsible for, the safer we – citizens and companies – are.

GDPR Compliance Tool

Contrary to many of our competitors, we’re offering you GDPR compliance software that helps you on your way to becoming compliant with the EU general data protection regulation. The software consists of:

  1. Great content and templates so you never have to start from scratch.
  2. Registration of Data Processing Activities
  3. Support of the Data Protection Impact Assessment (DPIA)
  4. Effective management of data breach notifications
  5. A dashboard that provides a clear overview of the key areas in your compliance
  6. Awareness module on personal data protection to train your employees
  7. Gap analysis so you can keep an overview of your status and compliance
  8. Integration with all other enabled compliance standards in the platform
  9. Cross-compliance mapping and overview so you don't have to work in silos

Read more about our GDPR compliance tool here.

As to answering my first question – how hard can it be? – the answer is: quite. Complying with all the process demands in the regulation can be a big task, but it will be significantly easier for you to comply with the EU GDPR if:

  • You already comply with current personal data protection regulations.
  • You currently have a compliance tool that is partly or entirely based on ISO 27001.
  • You understand where the synergies and differences are between GDPR/ISO 27701 and ISO 27001/2.

We’ve written a guide with 7 steps that you can go through to gain a better understanding of what the EU general data protection regulation actually entails, and how to prepare for it. Get yours here.


P.S. Of course, we know that the EU GDPR can be a bit of a mouthful. That’s why we offer consultation services from our experienced consultants, who specialize in this topic. They’ll make sure that you have both the tools and know-how to maintain compliance with the GDPR every day. Check out the Compliance as a Service page here.

Topics: Compliance and task management, ISO Standards, eu general data protection regulation, eu gdpr
