Global leaders in the design and implementation of IT governance frameworks and mechanisms.
Experienced, skilled and practical assistance in building capability and improving performance.
Quick and effective value delivery and the governance of risk management.
Approaches to GDPR compliance based on checklists are pervasive. So too is the knowledge that a checklist based approach does not accomplish much. They are superficial and ineffective in fulfilling the obligations of the GDPR. Enormous amounts of time are often spent preparing for and conducting “gap analyses” by answering standard questions when in the blink of an eye compliance becomes non-compliance. Continuous monitoring has a role to play.
Read more: Continuous Monitoring of the status of compliance with the GDPR
Not only do organisations have to comply with the GDPR, they also have to be able to demonstrate compliance. The GDPR focuses on the concept of accountability whereby establishments have to "demonstrate" compliance with the principles relating to the processing of personal data. This will involve implementing more demonstrable processes and maintaining a proactive approach to creating history logs and retaining evidence.
The European Commission’s General Data Protection Regulation (GDPR) has many stringent rules regarding the collection and processing of personal data for the purpose of protecting fundamental rights and freedoms of natural persons. Non-compliant data controllers and processors face significant fines and penalties once the GDPR comes into force in May 2018. A governance and management system will institutionalise the enablers of data protection and manage GDPR compliance.
Read more: Would a Governance and Management System help with GDPR compliance?
One of the key requirements of the General Data Protection Regulation (GDPR) is that in certain circumstances data controllers and processors must designate a Data Protection Officer (the DPO) as part of the accountability framework. The role of a DPO is to be the central point of contact for data controllers or processors and their employees to receive advice on their obligations with the GDPR and act as the contact person for supervisory authorities and data subjects with information requests or lodging complaints.
Read more: Tools that will assist the Data Protection Officer
One of the most important aspects of the General Data Protection Regulation is the principle of accountability. It requires that those processing personal data have to take full responsibility for their actions and must be able to demonstrate that they did all what is necessary in order to comply with their data protection obligations. Since the processing of personal data is ubiquitous, ensuring adherence to the many stringent rules of the GDPR will be challenging for most data controllers.
A well designed governance and management system can assist data controllers and operators institutionalise the enablers of GDPR compliance and provide greater visibility, flexibility and efficiency in managing data protection. Business environments are constantly evolving and require ongoing changes to technology, information and risk requirements. Built upon 20+ years of privacy experience and a unique combination of technology, methodology and expertise, a GDPR governance and management system offers a comprehensive solution to managing the full data protection life cycle.
Read more: Solutions for managing a GDPR Compliance Programme
Building on 20+ years of experience with fulfilling the extensive requirements for data protection in Germany, this GDPR Programme Management System is a unique combination of technology, processes and expertise to offer a comprehensive solution to manage the full GDPR programme, from planning, through implementation, GDPR compliant business operations, monitoring and continuous improvement in a cost effective way. It also provides DPO’s with workflow management to handle data subject and regulator requests, respond to incidents and provide breach notifications promptly.
COBIT 5 capability assessments can be highly subjective and depend on the assessor's IT knowledge and experience. The ITGN has the skill, experience and tools needed to ensure reliable results.
Improve your IT organisation's efficiency and effectiveness with a management system to coordinate and continuously improve the operational practices.