What is a Privacy Review ?
What is a Privacy Review ?
A Privacy Review will help you find out if you are data privacy compliant. Here are some of the main steps we follow during a review:
- Make a data inventory. Classify the data. Create a data mapping and flow. Which data do you collect and for which business purpose?
- Identify legal and formal requirements necessary to be compliant.
- Review vendor agreements if data is being processed by any third party, this includes data transfers and cloud services. Are they all complaint? You will be accountable if this is not the case.
- Review security: storing of data, use of encryption, pseudonymization or anonymization techniques, access controls, physical security...
Data Inventory
Compliance Requirements
Processor Review
Security Review
What's next...?
What's next...?
A privacy Review offers a clear picture of your compliance status. What if you are not complaint?
- - A Risk Assessment can help you identify the changes to be implemented.
- - Privacy and security policies can be reviewed or created.
- - Protocols like the incident response protocol for Data Breaches can be implemented.
- - Organisation should be educated on how to work privacy wise and how to avoid and identify security threats.
Risk Assessment
Implement Changes
Awareness Training