GDPR data mapping: How to tackle complex processes

As part of your EU General Data Protection Regulation (GDPR) compliance project, your organisation will need to understand what personal data it processes. You will likely choose data mapping as a way to meet these requirements. Key elements of data mapping A data flow map of a process should chart the entire journey of personal data as it is processed for the purposes specified. If the same data is processed for an additional set of purposes, this constitutes a different process and should be charted in a separate map. An effective data mapping process will establish: The data items obtained

How to create a risk treatment plan for your information security management system

A risk treatment plan (RTP) is one of the mandatory reports that you will need to produce for your ISO 27001 information security management system (ISMS). What is a risk treatment plan? An RTP provides a summary of each of the identified risks, the responses that have been determined for each risk, the risk owners and the target date for applying the risk treatment. It is produced after you have conducted your risk assessment and is a detailed plan describing roles and responsibilities for specific actions to bring the risks down to an acceptable level. Download a copy of our

GDPR data mapping key elements

Data mapping will be a key part of your compliance project in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline of May 2018. The Regulation introduces numerous changes – and the change from complying with the current Data Protection Act (DPA) to the GDPR is a complex one – so it’s important to understand what your organisation needs to do to comply. What does the GDPR say about data mapping? In a recent blog we spoke about the requirements of Article 30 of the GDPR and how data mapping can be a useful method to meet

How to manage your compliance the easy way

Regulatory compliance requirements are becoming a significant issue for organisations, particularly in the field of information security. What is IT compliance? IT compliance is used to explain how an organisation manages its IT in order to comply with laws, regulations and contractual obligations. IT compliance looks to protect an organisation’s governance, assets, services and more. Data breaches and regulatory fines are unfortunately becoming a daily occurrence, so no organisation can afford to treat IT compliance as a minor issue. IT compliance shouldn’t just be the responsibility of an IT department. It is a board-level responsibility that every organisation needs to

Identifying articles for GDPR compliance

The EU General Data Protection Regulation (GDPR) is a new law that will supersede the Data Protection Directive 1995 (DPD) and all domestic laws based on it, such as the UK Data Protection Act 1998 (DPA). The GDPR aims to protect EU residents from data and privacy breaches, and has been introduced to keep up with the modern digital landscape. From 25 May 2018, any organisation processing the personal data of EU residents must comply with the GDPR in respect of that data processing. GDPR articles The GDPR comprises 99 articles and is separated into 11 Chapters: General provisions Principles

How data mapping helps meet the requirements in Article 30 of the GDPR

Understanding what personal information is being collected and processed is a fundamental component of any EU General Data Protection Regulation (GDPR) compliance programme. Without that understanding it will be difficult for any organisation to ensure that their data processing activities are compliant with the new obligations set out in the GDPR. What does Article 30 state? Article 30 requires organisations to “maintain a record of processing activities under responsibility. That record shall contain all of the following information: the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection

How to develop a Statement of Applicability in ISO 27001:2013

The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system (ISMS). What is the Statement of Applicability? The SoA is a crucial, mandatory report for ISO 27001 certification. It’s also an essential report for the management and control of your ISMS. ISO/IEC 27001:2013 states that, as part of the risk assessment process, organisations must produce an SoA that contains: The necessary controls; Justifications for their inclusion; Whether the necessary controls have been implemented or not; and Justifications for excluding any of the Annex A controls.

5 steps to create a data flow map

The EU General Data Protection Regulation (GDPR) is a new law that will harmonise data protection in the EU and will be enforced from 25 May 2018. The Regulation will apply to all organisations that process EU residents’ personal data, including organisations outside the EU. UK organisations will need to make sure they are compliant, as the government has confirmed that the Regulation will apply in the UK, despite Brexit. Data mapping and the GDPR To comply with the GDPR, organisations must understand what personal data they hold or process. To do so, it is necessary to create a data

3 reports needed for an ISO 27001 audit

An ISO 27001 audit can be intimidating, especially if it is the first time that your information security management system (ISMS) has been audited. Producing accurate, concise and updated reports is an important part of your audit. Some reports are mandatory, whereas others will help you to impress your auditor. Statement of Applicability (SoA) The SoA is a crucial, mandatory report for your ISO 27001 audit. It’s also essential for the management and control of an ISMS. The SoA identifies the controls that are relevant to your organisation and explains why those controls have been selected to treat the identified

Significant number of organisations rely on data mapping for GDPR compliance

A recent report has highlighted that a significant number of organisations rely on data mapping to help with their EU General Data Protection Regulation (GDPR) compliance projects. The IT Governance GDPR Report 2017 showed that 27.8% of organisations rely on data audits or data mapping. The report also revealed that 12.9% of organisations rely on risk assessment software. The report provides an insight into how organisations are progressing with GDPR compliance, the challenges they face and the measures they are adopting. Alan Calder, IT Governance’s founder and executive chairman, said: “Our research shows that organisations are still planning or have