data.png

Data Privacy Life Cycle Support

The Data Privacy Management Life-cycle

Data Privacy Assessment Areas

01. Governance

Have you included in your processes and procedure the GDPR requirements? Are the roles and responsibilities with DPO defined and applied? 

dp-i5_edited.png

05. Data Storage and deletion

Do you know where the data is actually stored? Have you produced mapping of data flows ? Have you identified automated processing of personal data via IT tools?

09. Data Controller, Outsourcing and Third Parties

Do you maintain a register of third parties from whom you are submitting personal data? Do you regularly audit your third parties? 

02. Accountability

Have you produced / defined procedures to ensure your departments processing personal data respect Data Protection principles?

dp-i6_edited.png

06. Privacy by design / by default

Is data deletion integrated in new projects conception? Is GDPR screening integrated in every new IT project procedure?

10. Data Protection Impact Assessment

Have you defined a template for Data Privacy Impact Assessment and to identify high risk data processing? 

dp-i3_edited.png

03. Training

Has IT personnel been trained about GDPR and Personal Data issues / requirements / duties? Are these trainings regular? 

dp-i7_edited.png

07. Security and incident Management

Has IT security of personal data been ensured via dedicated servers? Have you implemented secured email box for personal data transfers?

dp-i11_edited.png

11. Data Transfer Outside EU or Third Parties

In case of data transfers to third parties, do you keep a backup of the data sent? What kind of encryption is used when the data is transferred? 

dp-i4_edited.png

04. Data Subject Rights

Have you informed the data subjects of their rights, the purposes for collection, processing and transfers for each data ?

dp-i8_edited.png

08. Special Categories of personal data

Do you store any special categories of data? Do you have appropriate approach to safe-keep those data?

dp-i12_edited.png

12. Processing for statistical purposes

Are procedures defined to anonymize or pseudonymize personal data used in statistical or scientific studies?