14 Feb Part IV. Are you a public or private organisation assessing your technology for the GDPR?
In this fourth part of our series on the technology assessment required for the GDPR implementation, we are looking into access procedures, policy, and legal contracts.
Within this series, we have shared insights into technical areas we often analyse for our clients in the private and public sector, such as:
- Assessment of data flow, transfer, and sharing
- Assessment of data storage, retention, and deletion
- Assessment of access control and security
- Assessment of access procedures, policy, and legal contracts
Assessment of access procedures, policy, and legal contracts
An essential component of an organisation’s information security arsenal is its compliance documents, including policies and procedures.
These need to be maintained, and they must be both enforced and enforceable. Assessing an organisation’s GDPR compliance requires examining existing policies and procedures and updating them as necessary.
Specific risks and mitigation actions:
- existing legal contracts between existing controllers and processors of data
- ensure sufficient clauses that clearly set out the relationship between controllers and processors
- processors must never be placed in a position whereby they are determining the purposes and means of the use of personal data
Our GDPR service offering includes:
- Data Protection Impact Assessments of existing and proposed technologies, leveraging both our technical and data protection expertise
- Assessment and updating existing privacy notices and consent requirements for our clients
- Assessing the legal basis for processing that our clients’ businesses rely upon, and assessing and updating their policies and procedures
Data Protection Impact Assessment (DPIA)
Trilateral provides compliance roadmaps and DPIA templates for organisations, and trains their staff to complete these activities, thereby assisting them to manage their future compliance costs.
Do you really need a Data Protection Officer (DPO)?
We provide an external DPO service for businesses and organisations that do not need, or cannot currently justify, employing a full-time internal DPO.