GDPR Compliance Journey - 06 Data Protection Impact Assessment

Gydeline
9 Apr 2018 09:37

Summary

TL;DR: In this video, the host walks through conducting Data Protection Impact Assessments (DPIAs) under the General Data Protection Regulation (GDPR). The video offers a free DPIA template, describes the company's own system for managing GDPR records, and argues that DPIAs are worthwhile even for businesses the law does not oblige to perform one. It looks in detail at the company's own DPIAs, covering how data is collected, stored and deleted, and outlines the next steps planned to improve data security and compliance.

Takeaways

  • The video introduces a free data protection impact assessment (DPIA) template available for download on the Gydeline website.
  • The company uses its own system to manage GDPR records and is considering making it available to customers.
  • Under GDPR a DPIA is mandatory only for processing likely to be high-risk, such as large-scale processing, automated decision-making, or handling special categories of data; the video argues that businesses outside those triggers should still perform one.
  • The speaker walks through their own DPIA process, highlighting the importance of compliance in their business operations.
  • Each DPIA identifies the assessor and the Data Protection Officer and details the data processing activities involved.
  • The general business data DPIA covers personal data captured from sources such as business cards and emails.
  • Emails are stored on servers in the Netherlands; the DPIA lists the stakeholders involved in the processing.
  • The company has documented processes for deleting data from its CRM system and from local mail clients, and expects its providers to delete the data from their own archives.
  • A second DPIA covers the newsletter mailing list, detailing how data is captured and stored and how individuals can opt out.
  • The main risk identified is compromise of a cloud provider; two-factor authentication and encryption of stored data are among the measures used to mitigate it.
  • Planned improvements include single sign-on, a review of the retention policy, and regular DPIA reviews.

Q & A

  • What is the main topic of the video script?

    -The main topic of the video script is data protection impact assessments (DPIAs) in the context of GDPR compliance.

  • Is there a free resource available for those interested in starting with DPIAs?

    -Yes, there is a free data protection impact assessment template available on the website, which is mentioned in the script.

  • What does the company use to manage their GDPR records?

    -The company uses a system for managing their GDPR records, which they plan to share with customers in the future.

  • Under what circumstances is a data protection impact assessment not required according to the script?

    -According to the script, a DPIA is not required if the company does not process data on a large scale, does not make automated decisions, and does not process special categories of information.

  • What is the purpose of the general business data DPIA mentioned in the script?

    -The purpose is to recognize the personal data captured during everyday business activities, such as business cards, meetings, calls, etc.

  • Where is the general business data captured and stored according to the script?

    -The general business data is captured and mainly recorded within the company's CRM system or received via email and stored on email servers in the Netherlands.

  • What is the process for deleting data in the context of the general business data DPIA?

    -Data is deleted directly from the CRM system or under the company's retention policy; emails for those contacts are also deleted from local mail clients.

  • What is the newsletter mailing list DPIA about?

    -The newsletter mailing list DPIA covers the database of contacts who want to receive Gydeline news and product developments; the data is captured via the Gydeline website and stored in the CRM system.

  • Who are the stakeholders in the newsletter mailing list DPIA?

    -The stakeholders are customers, potential customers, employees, and directors of the company.

  • How does the company handle data deletion from the newsletter mailing list?

    -Data can be deleted directly from the CRM, and there is an opt-out option in the mailing lists to ensure no future information is sent to those who choose to unsubscribe.

  • What are the main risks identified in the DPIAs mentioned in the script?

    -The main risks are related to cloud providers being compromised, such as the hosting provider AWS or the primary software provider Zoho.

  • What protective measures does the company implement as per the script?

    -The company stores data on encrypted systems, avoids unnecessary email storage of customer information, deploys two-factor authentication, collects only required information, and enforces a data retention policy.

  • What future focus areas does the company plan to implement to improve compliance?

    -The company plans to implement single sign-on, further checks on the retention policy, and conduct another deep DPIA in six months, along with monthly reviews of existing DPIAs.

  • What was the compliance status and number of outstanding actions before the recent updates in the Gydeline software?

    -Before the updates, the compliance status was at 42% with 53 outstanding actions.

  • What was the impact of the recent updates on the company's compliance status and number of actions?

    -After the updates, the compliance status rose to 48% and the number of outstanding actions fell by 3.

  • What is the next major topic the company will address in their compliance journey?

    -The next major topic the company will address is consent.


Related Tags
GDPR Compliance, Data Protection, Impact Assessment, Privacy Policy, Data Security, Cloud Risks, CRM Systems, Newsletters, Data Retention, Compliance Tools, Regulatory Guidance