A comprehensive information audit to identify personal data across all formats - physical records, digital content and line of business application data - is essential for GDPR readiness and compliance. In identifying and profiling personal data you can ensure that it is processed in a secure and compliant manner. It enables the assessment of processing rationale as well as confidentiality, integrity, availability, resilience, retention and disposal aspects. It will also enable an organisation to meet the obligation to maintain records of processing activities under GDPR. This session will cover the scope and objectives of an information audit, the data to be gathered and the process to be followed.
GDPR is looming and most organizations still haven't taken the first steps toward ensuring compliance. There's a lot of noise and a fair amount of confusion around the topic, so relying on core principles and best practices provides a clear way forward to developing a straightforward and defensible information governance framework to support GDPR compliance prior to the regulation coming into force next year. This session will explore best practices with roots in quality management that consist of standard operating procedures (SOPs) and processes that are simple to implement and track. Perfect compliance is not the goal; the goal is to put in place an easy-to-implement system of processes and procedures that prove that your organization is diligently following accepted best practices to comply. This includes simple, automated processes for identifying, responding to and correcting any area of non-compliance. Auditability is built in from the ground up. The result is that risk plummets, not only because the chances of non-compliance are minimized, but also because the organization can show and easily prove to auditing authorities that they have a robust and disciplined approach to information governance in general, and to GDPR specifically.
GDPR is a well-defined regulation, but understanding the regulation and implementing it within a business is often harder to plot. Making this task even harder are a series of misconceptions, or myths, around GDPR. In this session, we’ll share the top 3 GDPR myths, and explain how to avoid them. We will offer tips on how to determine what YOUR organisation’s key challenges are, and on ways to prioritise tasks to develop a response plan that is right for you.
Much of the collection of personal data that binds directly or indirectly to an individual is static. A centralized repository is an ideal option to embrace "privacy by default", ensuring the location and quality of data, assisting those accountable for the data, and providing the controls being applied to that data and content while still enabling analytics and reporting. Additionally, it facilitates personal data protection, portability and the data subject’s right to be 'forgotten'.
Creating a foundation to fluidly meet GDPR can uncover new opportunities to innovate for the future. Yes, it requires a great digital strategy. Join us as we explore some opportunities and lessons we learned while implementing a holistic approach for regulations in a large financial institution.