A data protection officer (DPO) is the voice of data protection compliance within an organization. The DPO is still expected to be able to help organizations comply with their legal obligations and, for GDPR, manage the security of personal data.
iAPP.org states that the title an organization uses to denote its privacy leaders may tell a lot about its approach to privacy. They state the most popular 5 terms are:
1) Privacy Officer
2) Chief of Privacy, or Chief Privacy Officer
4) Security Director
5) Vice President of Privacy
So you have a privacy leader. Where do they fit within your organization?
While iAPP states there is no standard organization structure for privacy across organizations, Natuvion’s GDPR or transformation projects have consistently worked with 3 business functions: a legal or DPPO team, a business analyst team and a technical team (IT). The GDPR project itself was driven by Legal or a DPPO [Data Protection and Privacy Office], with each function running a sub-project for its related actions.
So you have a privacy leader. Do you have a privacy vision?
A privacy mission statement or vision document has the goal of communicating your company’s privacy position to all stakeholders and is always used in company-wide education too.
Elements of a privacy vision
1) Value of privacy to the organization
2) Organizational objectives
3) Strategies to achieve intended outcomes
4) Roles and responsibilities - for example, only trained and authorized employees will have permission to work with personal data.
What is a data processing inventory?
A data processing inventory reflects how the business processes data and starts with listing the processing activities and their purpose. A data processing inventory is aligned with how the business works, making it easy for the business to engage.
The GDPR creates an opportunity for organizations to limit their data inventory. Organizations need an inventory of their data processing operations, rather than a detailed inventory of all their data holdings.
What do Human Resources departments need to know about Data Protection Policy (GDPR) when using SAP HCM or SAP SuccessFactors systems?
The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018, giving Human Resources (HR) departments just a few months to ensure that they have updated their processes for collecting and processing data about employees, former employees and job candidates.
Three important GDPR articles that HR needs to know now....