GDPR 1 big thing: Ensure that your strategy involves working with Legal to translate privacy requirements and regulations.
The big picture: Be certain that your workforce is responsible for assisting with the management of the data privacy, data protection, data usability, performance and the integrity of the privacy solution.
Why it matters: Make sure you have a team that has a passion for driving business value through the use of high-quality data and advocacy for the value of data as an asset.
What to watch: Consult and provide guidance to product teams (including product managers, engineers, designers, and content strategists) to develop creative solutions to privacy-by-design challenges during the development of innovative technical products.
Meanwhile: Analyze business initiatives, including new products, processes, and vendor relationships using Privacy Impact Assessments and other tools to determine whether they create privacy risk and comply with privacy policies and processes.
Yes, but: Ensure that your design coordinates the preparation of, and prepares and reviews, complex technical, financial, and other reports, plans, and documents; coordinates operations data collection and analysis; develops, makes and/or approves recommendations; and reviews the work of others to ensure accuracy and completeness.
How it works: Develop experience configuring security controls and developing architectures according to industry standards such as NIST SP 800-53, ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, etc.
On the flip side: Make sure the IT security assessor performs security assessments of (internal) clients' IT environments against various industry standards and regulations, including PCI, HITRUST, ISO 27001/2, HIPAA, SOC, GDPR and others.
What they’re saying: “Support privacy incident management: monitor trends/SLAs, evaluate root cause of issues and partner with LOB and control officers to enhance/launch data protection tools.” Omar G. – Senior Cybercrimes Investigator, US
Go deeper: Warrant that your design is enforcing privacy and security policies and procedures, including working with human resources to impose sanctions for failure to comply.
The backdrop: Monitor data protection and privacy regulatory developments to assess impact to cb business and operations, influencing changes to existing policies, standards, controls, and procedures.
The bottom line: Develop experience working with the GDPR, CCPA, CPRA, and other relevant state and overarching privacy regulations to perform data governance, data protection, compliance program assessments and privacy program implementations.
What’s next: Make sure your team works closely with IR and data providers, as well as data vendors and the public, in order to collect all relevant data needed to complete studies.
ICYMI: Provide regular project management and data analytics support to the Privacy function of Ethics and Compliance to include projects related to you privacy laws and various GDPR laws around the world.