Perform a detailed gap analysis

Areas concerned shall include.

Transparency.

Collection & Purpose Limitation.

Consent:

  • How does your organization seek, obtain and record consent?
  • Review your communication (not only digital channels).
  • Which procedure to verify Children’s consent: age and collect parental authorization?

Legal justification for processing personal data:

  • Determine legal justification attached to each type of data.
  • Reviewing external contracts.

Consent.

Quality.

Privacy Program Management.

Security for Privacy.

Few technologies to ensure protection and allow prompt action upon requests:

  • Data discovery.
  • Encryption.
  • Obfuscate.
  • Block.
  • User rights management.
  • Data classification.
  • Data masking.
  • User monitoring.
  • Incident analysis, reporting.

Data Breach Readiness & Response.

Individual Rights.

International transfers: determine to which data protection supervisory authority your organization is subject to.

Data breaches.

Right procedures in place to detect, report and investigate breaches.

Processes addressing individual rights and requests.

Individuals’ rights.

Identify which procedure you have in place, should be modified or implemented to respond to individual request.

How you would delete personal data or provide data in a commonly used format.

Subject access requests.

You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.

Review current privacy policies and notices.

Feed a detailed documentation, helpful at the time of modifying your policies.

Review external contracts.

Retention schedules.

Technologies used:

  • Technology used to secure personal data you currently hold, with focus on specific circumstances (test, cloud, mobile).
  • Automation process in place?
  • Clean your database filtering unnecessary data to decrease risk exposure.