Dusting off the Privacy Notice
Compliance with the regulation is said to be not just the right thing to do but also good for business. So once you have achieved some sort of data protection nirvana, how do you go about sharing your credentials and being transparent?
For most this has taken the form of a privacy notice. That document or webpage buried somewhere in the deepest and darkest depths of your website, which details any processing activities, the relevant legal basis, retention periods and contact information for exercising rights.
But is this really the best place to show off your GDPR prowess or transparency with data subjects? Will it not just fail to be updated, as it has in the past, and suffer the fate so common to terms and conditions documents of being rarely read?
Maybe there is a better way.
A great example of this comes from data protection management innovators DPOrganizer.
DPOrganizer collates information relating to your GDPR posture, such as the types of personal data you process and collect; where that personal data is stored; the applications which have access to those data stores and the permissions application users have; and any third-party processors, their processing instructions and locations, to name just a sample.
The result of collating this information into one management solution is two-fold.
Reporting and visualisation tools give you a clearer visual picture of how you comply with the GDPR's requirements.
You can start to build tools and functionality from the posture information you enter, for example the transparency widget.
How do you keep control of the GDPR in your organisation? DPOrganizer can simplify and automate this task by ditching the spreadsheets and Microsoft Visio diagrams.
The GDPR Transparency Widget
The transparency widget expands on the principle of internal GDPR compliance reviews and provides some of this information to the public, hence transparency.
As an HTML-based plugin, you can add the transparency widget to your public-facing website. Visitors will be able to look at an approved list of:
Types of personal data items collected.
The sources of that personal data.
The lawful and legal basis for processing.
Third-parties that personal data is shared with and their processing activity.
Making GDPR Easier
It is often remarked that those who have been compliant with the Data Protection Directive 1995 should have no problem with becoming GDPR compliant. This is of course true, as a shorter leap is easier than a longer one; however, it oversimplifies the task ahead.
The GDPR is going to involve both technological and cultural changes, which will be testing to even the most flexible of organisations. With DPOrganizer, those changes are not avoided, but spotting where and when changes need to be made, and reviewing those changes once they are implemented, become easier to see and to manage.
Whether you use the map view to plot controllers, databases, processors and third-parties; use the output report to gap assess; or use the DP manager feature to request department leaders, business leaders and regional managers to review their own exposure to the GDPR in the DPOrganizer management console, it is hard not to see the value in the solution.