DPO

The Data Protection Officer (Data Privacy Manager) is suitably qualified to guide and inform the organization on the implementation and maintenance of its privacy compliance program. 

Operational Risk Management 

Identify, assess, and manage privacy risk in operations and set appropriate and relevant compliance review cycles. 

Data Mapping 

Implement the procedures and systems that enable you to identify whose personal information you're processing, why you're processing it, the appropriate lawful bases, and to whom you might be disclosing that personal information. 

Governance

Document relevant policies and procedures. Maintain a Record of Processing. Publish your privacy notices. 

Employee Awareness 

Managing privacy risk requires an organisation-wide, top-down, bottom-up approach. Socialize relevant training and awareness material and monitor employee progress. 

Processors and Data Sharing 

Review and refresh vendor relations. Ensure that contracts are current and enforced. Conduct impact assessments for personal data transfers to countries that lack adequate protection.

Data Protection Impact Assessments (DPIA)

Assess and mitigate risk identified in processing that is likely to present high risk to individuals. Engage with the authority where residual risk remains high.

Subject Access Requests 

Establish and implement the policies and procedures concerning data subjects' rights to access their personal information. 

Personal Data Breach 

Establish and implement the policies and procedures concerning the organisation's ability to recognise and properly respond to incidents that could lead to unauthorised access to, or loss of, personal information.

Consent

Immutable consent.