GDPR Implementation

How does your organization title its privacy leaders?

iAPP.org states that the title an organization uses to denote its privacy leaders may tell a lot about its approach to privacy. They state that the 5 most popular terms are:

1) Privacy Officer

2) Chief of Privacy, or Chief Privacy Officer

3) Counsel

4) Security Director

5) Vice President of Privacy

So you have a privacy leader. Where do they fit within your organization?

While iAPP states there is no standard organization structure for privacy across organizations, Natuvion’s GDPR or transformation projects have consistently worked with 3 business functions: a legal or DPPO [Data Protection and Privacy Office] team, a business analyst team and a technical team (IT). The GDPR project itself was driven by Legal or a DPPO, with each function running a sub-project for its related actions.

So you have a privacy leader. Do you have a privacy vision?

A privacy mission statement or vision document has the goal of communicating your company’s privacy position to all stakeholders and is always used in company-wide education too.

Elements of a privacy vision

1) Value of privacy to the organization

2) Organizational objectives

3) Strategies to achieve intended outcomes

4) Roles and responsibilities - for example, only trained and authorized employees will have permission to work with personal data.

GDPR Implementation | How do we automatically identify all personal data in a SAP system landscape?

Sophia software provides discovery analytics that help with the first step of implementing the GDPR compliance process by reporting on what personal data is in your landscape and where it is stored.

GDPR | Are there GDPR solutions and templates for Article 30 (records of processing activities)?

What is a data processing inventory?

A data processing inventory reflects how the business processes data and starts with listing the processing activities and their purpose. A data processing inventory is aligned with how the business works, making it easy for the business to engage.

The GDPR creates an opportunity for organizations to limit their data inventory. Organizations need an inventory of their data processing operations, rather than a detailed inventory of all their data holdings.

GDPR Article 25 and Article 32 | Reduce GDPR Implementation Time by Subscribing to the TDA Engine

"Test-Data-Anonymization and Production-System-Pseudonymization Engine."

Article 25 of the General Data Protection Regulation (GDPR) communicates requirements for data-privacy-by-design and data-privacy-by-default, and Article 32 GDPR requires Data Controllers and Data Processors to implement technical and organizational measures that ensure a level of data security appropriate for the level of risk presented by processing personal data. GDPR created incentives for "pseudonymization" and "anonymization" of personal data to meet these requirements... the only GDPR certified technology available is...

Meet The Experts | Our Data Protection Lawyer

Where do we find an experienced Data Protection Lawyer for GDPR?

For all GDPR work, our preferred lawyer is Benjamin Spies. Benjamin is an IT Lawyer and a partner at SKW Schwarz.

Benjamin advises national and international companies mainly in the IT sector with the focus on data protection (GDPR), e-commerce, domain law, telecommunications and telemedia law.

The reasons we work with Benjamin are:

  1. Benjamin is located in Germany but is very familiar with the US: he graduated from a US high school and used to work for the award-winning US law firm WilmerHale. He is also a member of TerraLex and other large law firm networks with a US focus.
  2. Benjamin was the co-author of one of the first legal commentaries on the Federal German Data Protection Act.
  3. Benjamin has more than 10 years of experience in IT law with a focus on Data Privacy & Security.
  4. A small sample of his clients: Netflix, Expedia, Bosch, Adidas, Daimler, and MediaSaturn, Europe's largest IT retailer.
Data Protection Lawyer, Benjamin Spies
