GDPR Compliance Journey - 18 Reviews and Third Party Reviews

Gydeline
21 May 2018, 06:41

Summary

TLDR: In this video, Mike Salim discusses the ongoing nature of GDPR compliance, emphasizing that it is not a one-time task but requires regular reviews, much like a car's MOT. He suggests reviewing aspects such as data protection impact assessments, processing records, and breach notifications. Salim recommends implementing a review system and conducting checks every six months, adapting the frequency to the organization's needs. He also shares examples of their review records and a form used to assess third-party GDPR compliance, highlighting the importance of keeping records simple yet comprehensive for future use.

Takeaways

  • 🔄 GDPR is an ongoing process: The video emphasizes that GDPR compliance is not a one-time activity but requires continuous review and maintenance.
  • 🚗 GDPR compared to car MOT: Just like a car needs regular checks, GDPR compliance must be reviewed regularly to ensure it remains fit for purpose.
  • 📝 Establish a system of reviews: Organizations should have a system in place to regularly review their GDPR compliance measures.
  • 🔍 Review various aspects: Key areas for review include data protection impact assessments, processing activity records, breach notifications, and consent records.
  • 📅 Regular review schedule: The video suggests a regular schedule for reviews, such as every six months, depending on the organization's needs.
  • 👀 Changes trigger reviews: Any change in the organization, processes, or data collection should prompt a GDPR compliance review.
  • 📑 Documenting reviews: Records of reviews should be kept, including checks performed and actions undertaken.
  • 📚 Training importance: The video highlights the importance of data protection training for employees so they understand and comply with GDPR.
  • 📝 Third-party checks: Organizations must also ensure that third parties they work with are GDPR compliant by using forms to check their status and measures.
  • 📋 Simplified record-keeping: Records should be simple and usable, avoiding overly complex systems that may not be helpful in the future.
  • 🔑 Focus on principles, not details: When reviewing third parties, focus on whether they understand and implement GDPR principles rather than getting into overly detailed technical questions.

Q & A

  • What is the main purpose of this video script?

    -The main purpose of the video script is to emphasize the importance of ongoing reviews and maintenance of GDPR compliance, comparing it to the regular checks required for car MOTs.

  • Why does the speaker compare GDPR compliance to a car MOT?

    -The speaker compares GDPR compliance to a car MOT to highlight that both require regular checks and maintenance to ensure they remain effective and fit for purpose.

  • What does GDPR stand for?

    -GDPR stands for General Data Protection Regulation.

  • What types of records need to be reviewed for GDPR compliance?

    -Types of records that need to be reviewed include data protection impact assessments, processing activity records, breach notifications, and consent records.

  • How often should organizations review their GDPR compliance?

    -Organizations should review their GDPR compliance regularly, especially when there are changes in the organization, processes, information collected, or personnel. The speaker suggests scheduling reviews every six months as a guideline.

  • What is the purpose of keeping records of GDPR reviews?

    -The purpose of keeping records of GDPR reviews is to document the checks and actions taken to maintain compliance, ensuring there is evidence that ongoing review and maintenance are being performed.

  • What should organizations avoid when keeping records for GDPR compliance?

    -Organizations should avoid creating overly complex records that are difficult to use. Records should be simple, containing all necessary data while remaining user-friendly.

  • What does the form sent to third parties typically ask?

    -The form sent to third parties typically asks basic questions to confirm awareness training, understanding of the privacy policy, and knowledge of procedures for data loss. It avoids overly detailed questions and focuses on essential compliance principles.

  • Why does the speaker prefer simple questions for third-party GDPR compliance checks?

    -The speaker prefers simple questions to ensure that the fundamental principles of GDPR compliance are being met and to avoid unnecessary complexity. Detailed concerns can be addressed later if needed.

  • What will the final part of the GDPR compliance journey cover?

    -The final part of the GDPR compliance journey will review the Gydeline software to assess compliance, discuss lessons learned, and consider priorities for addressing GDPR efforts.

Related Tags: GDPR Compliance, Data Protection, Ongoing Reviews, Privacy Policy, Third-Party Checks, Training Records, Data Breach, Awareness Training, Regulatory Compliance, Data Management, Compliance Audit