The EU’s General Data Protection Regulation (GDPR) is complex and technical. It contains many wide-ranging obligations that require considerable effort to achieve and maintain compliance. Controllers and processors that are not compliant when the GDPR applies face significant fines and penalties.
While the GDPR is intended to deliver a harmonised data protection regime across the EU Member States, the context of data processing differs in every organisation. This creates different levels and types of risk to the rights and freedoms of natural persons within the EU, and so requires a different approach to data protection and GDPR compliance in each case. A solution aimed at assisting controllers and processors to manage their GDPR compliance programme therefore needs to be customisable, scalable and rich in functionality, so that it can support the many different aspects of a privacy management programme.
Although many organisations have already adopted privacy processes and procedures consistent with the Data Protection Directive (95/46/EC), the GDPR introduces many new protections for data subjects, and it requires organisations handling the personal data of individuals in the EU to undertake major, wide-ranging operational reform.
The complexity, scale and attention to detail needed to fulfil the GDPR obligations and maintain ongoing compliance will require considerable effort from those responsible. The GDPR includes provisions that promote accountability and governance and that require transparency. Controllers and processors are expected to put in place comprehensive but proportionate governance measures. Doing so without appropriate tooling is going to be difficult, especially where preparations were not started early enough.
A GDPR governance and management system is designed to assist controllers to direct and control operational practices across an organisation’s business activities: the management of records, the processing of personal data enterprise-wide, and the effectiveness of the data protection safeguards. The system can be configured to provide fine-grained monitoring and reporting on the individual measures taken across any number of business processes and business units. It integrates, to the extent required, with existing organisational processes and practices, embedding data protection as part of “business as usual” operations.
Role-based governance dashboards give those with accountability oversight of the GDPR programme and its various components, including cybersecurity, cloud computing controls and records management. Customised management reporting provides managers with the information needed to identify and target the specific areas where data protection needs to improve and organisational capability needs to be built.
Solutions for governing and managing GDPR compliance must themselves adhere to the rules for processing personal data lawfully.