IT Security News & Blog

How to Simplify GDPR with a Dynamic Privacy Policy

Posted: 6 July 2018

The GDPR (General Data Protection Regulation) is a difficult beast, with some estimates putting the number of organisations that considered themselves GDPR ready by May 25th 2018 as low as 15%. That is no surprise considering the debacle that was the re-consent email deluge and the "we have changed our privacy policy" communications that flooded everyone's inbox.

 

Dusting off the Privacy Notice

Compliance with the regulation is said to be not just the right thing to do but also good for business. So once you have achieved some sort of data protection nirvana, how do you go about sharing your credentials and being transparent?

For most, this has taken the form of a privacy notice: that document or webpage buried somewhere in the deepest and darkest depths of your website, which details any processing activities, the relevant legal basis, retention periods and contact information for exercising rights.

But is this really the best place to show off your GDPR prowess or transparency with data subjects? Will it not just fail to be updated, as it has in the past, and suffer the fate so common to terms and conditions documents of being rarely read?

Maybe there is a better way.

 

DPOrganizer

Consider a dynamic privacy policy linked to your GDPR management tool.

A great example of this comes from data protection management innovators DPOrganizer.

DPOrganizer collates information relating to your GDPR posture, such as the types of personal data you process and collect; where that personal data is stored; the applications which have access to those data stores and the permissions application users have; and any third-party processors, their processing instructions and locations, to name just a sample.

The result of collating this information into one management solution is two-fold.

  • Reporting and visualisation tools give you a better visual idea of how you comply with the GDPR's requirements.
  • You can start to build tools and functionality from the posture information you enter. For example, using the transparency widget.

How do you keep control of the GDPR in your organisation? DPOrganizer can simplify and automate this task by ditching the spreadsheets and Microsoft Visio diagrams. Want to learn more? Book a 30-minute demonstration here.

 

The GDPR Transparency Widget

The transparency widget expands on the principle of internal GDPR compliance reviews and provides some of this information to the public, hence transparency.

As an HTML-based plugin, you can add the transparency widget to your public-facing website. Visitors will be able to look at an approved list of:

  • Types of personal data items collected.
  • The sources of that personal data.
  • The lawful and legal basis for processing.
  • Third-parties that personal data is shared with and their processing activity.

DPOrganizer Transparency Widget

The result of this is in effect a dynamic privacy policy, which is updated as you update DPOrganizer. Website visitors will be able to query your GDPR credentials without direct interaction, which will hopefully lead to a reduction in subject access requests.

DPOrganizer Transparency Widget Report

Making GDPR Easier

It is often remarked that those who have been compliant with the Data Protection Directive 1995 should have no problem with becoming GDPR compliant. This is of course true, as a shorter leap is easier than a longer one; however, it oversimplifies the task ahead.

The GDPR is going to involve both technological and cultural changes, which will be testing to even the most flexible of organisations. With DPOrganizer, those changes are not avoided, yet spotting where and when changes need to be made, and the ongoing review of those implemented changes, become easier to see and to manage.

Whether you use the map view to plot controllers, databases, processors and third-parties; use the output report to gap assess; or use the DP manager feature to request department leaders, business leaders and regional managers to review their own exposure to the GDPR in the DPOrganizer management console, it is hard not to see the value in the solution.

Are you interested in DPOrganizer and the Transparency Widget, and want to learn more? Book a 30-minute demonstration here.

 


Topics: Governance, GDPR, Data Security


Written by Chris Payne

Managing Director - Advanced Cyber Solutions