COMPLIANCE TOOLS

25 July 2018

Supporting GDPR Gap Analysis and Audits


Compliance tools for GDPR gap analysis and audits

There are various tools which cover essential elements of a data project, such as data discovery, data mapping and data lineage. Gap analyses, meanwhile, tend to be performed by traditional audit methods: reviewing organisational and process documents and liaising with the departments involved in data processing.

Below is a non-exhaustive list of support tools:

Privacyengine.io provides an information flow mapping tool which can be used for gap analysis.

www.linq.it/linq-for-gdpr helps identify and model the most valuable information assets, and provides tools to make informed, evidence-based decisions.

https://www.totalprogrammecontrol.com/gdpr.php assesses GDPR compliance from a supplier perspective.

www.proteuscyber.com provides DPOs with a ready-made suite of tools to model business processes, define sensitive data and where it resides, and perform multi-phase Data Protection Impact Assessments (DPIAs).

Project management is also a must; it covers parts of the project such as legal assessment and data governance.

http://www.rexecurity.com/gdpr-compliance-services/gimpr-gdpr-methodology-p143.htm is a project management methodology for GDPR compliance based on PRINCE2®.

Oracle's end-to-end (E2E) solution, which carries modules including encryption and data discovery, is also well received.

Ultimately there is no tool that solves all privacy needs. It is therefore sensible to specify your own (or your organisation's) requirements upfront before making a selection. Consulting peers with hands-on experience is recommended.

In respect of securing privacy, the following controls must be considered:

Cloud data protection (CDP): Encrypting sensitive data before it goes to the cloud, with the organisation rather than the cloud provider holding the keys. If the provider holds the keys, the provider (and anyone who can compel or compromise it) can read the data; organisation-held keys keep that decision in-house.

Tokenisation: Substituting a randomly generated value (the token) for sensitive data such as credit card numbers, bank account numbers and social security numbers. Because the token is random rather than derived from the data, it cannot be reversed without the mapping held in the token vault, which therefore becomes the most sensitive store in the system and needs the strictest access control.

Encryption: Using encryption to render data unreadable without the key, protect personal privacy, achieve compliance, and reduce the impact of cyber-attacks and accidental data leaks.

Data access governance: Providing visibility into what and where sensitive data exists, and data access permissions and activities.

Consent/data subject rights management: Managing consent of customers and employees, as well as enforcing their rights over the personal data that they share.

Data privacy management solutions: Platforms that help operationalise privacy processes and practices, supporting privacy by design, meeting compliance requirements and providing auditable workflows.

Data discovery and flow mapping: Scanning data repositories and resources to identify existing sensitive data and classify it appropriately, in order to identify compliance issues, apply the right security controls, or make decisions about storage optimisation, deletion, archiving, legal holds and other data governance matters.

Data classification: Classification is the foundation of data security and enables the prioritisation of what the organisation needs to protect.

Enterprise key management: Key management solutions store, distribute, renew, and retire keys on a large scale across many types of encryption products.

Application-level encryption: Encrypting data within the application itself as it is processed protects sensitive data at every tier of the computing and storage stack and wherever it is copied or transmitted. The data is still in clear inside the application process, so the application and its access to keys become the trust boundary that must be protected.
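The tokenisation and data discovery controls above are the two that a practitioner is most likely to have to build or evaluate rather than buy. The following is an added example, written for this page and not taken from any of the vendors listed; it shows a hypothetical in-memory token vault (the class name TokenVault, the role name "payment-processor", and the constructed sample text and test card number are all assumptions made for the illustration). Tokens are random, format-preserving, keep the last four digits, and are deliberately chosen to fail the Luhn check so a leaked token can never be mistaken for a real card number; detokenisation is gated on a role. The discovery step pairs a pattern match with the same Luhn check to discard false positives such as order numbers.

```python
import re
import secrets
import threading


def luhn_valid(digits: str) -> bool:
    """True when a digit string passes the Luhn check, as genuine card numbers do."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# Discovery: 12-19 digits, optionally separated by spaces or dashes, not part of a longer run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){11,18}\d(?!\d)")


def find_card_numbers(text: str) -> list[str]:
    """Discovery/classification step: the regex finds runs that look like PANs and
    the Luhn check drops most false positives (order numbers, phone numbers)."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


class TokenVault:
    """Hypothetical in-memory token vault mapping random tokens to the PANs they replace.
    In production this is a separately hardened, access-controlled store: it is the one
    place where the real card numbers still live."""

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}
        self._lock = threading.Lock()

    def tokenise(self, pan: str) -> str:
        """Return a token for `pan`; the same PAN always gets the same token so
        downstream systems can still join or deduplicate records without seeing it."""
        if not (pan.isdigit() and 12 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("input is not a plausible card number")
        with self._lock:
            token = self._pan_to_token.get(pan)
            if token is None:
                token = self._new_token(pan)
                while token in self._token_to_pan:  # collision: draw again
                    token = self._new_token(pan)
                self._token_to_pan[token] = pan
                self._pan_to_token[pan] = token
            return token

    def detokenise(self, token: str, caller_role: str) -> str:
        """Reverse a token. Only the role that genuinely needs the PAN may call this;
        everything else in the estate works on tokens alone (assumed role name)."""
        if caller_role != "payment-processor":
            raise PermissionError(f"role {caller_role!r} may not detokenise")
        return self._token_to_pan[token]

    @staticmethod
    def _new_token(pan: str) -> str:
        """Random, format-preserving token: same length, last four digits kept for
        receipts and customer service, the rest drawn from a CSPRNG. A candidate is
        accepted only if it FAILS Luhn, so a token can never pass as a real PAN."""
        body_len = len(pan) - 4
        while True:
            body = "".join(str(secrets.randbelow(10)) for _ in range(body_len))
            token = body + pan[-4:]
            if not luhn_valid(token):
                return token


# Constructed sample input: 4111111111111111 is a well-known Luhn-valid test number,
# not a real card; the 13-digit order number fails Luhn and the phone number is too short.
SAMPLE_PAN = "4111111111111111"
SAMPLE_TEXT = "Order 1234567890123 paid with card 4111 1111 1111 1111, contact 020 7946 0123."


def demo() -> dict:
    vault = TokenVault()
    token = vault.tokenise(SAMPLE_PAN)
    return {
        "discovered": find_card_numbers(SAMPLE_TEXT),
        "token": token,
        "same_token_on_repeat": vault.tokenise(SAMPLE_PAN) == token,
        "token_is_luhn_valid": luhn_valid(token),
        "last_four_kept": token[-4:] == SAMPLE_PAN[-4:],
        "detokenised": vault.detokenise(token, "payment-processor"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note what the example does not give you: the vault itself still holds every PAN in clear, so in a real deployment the mapping is stored encrypted under keys managed by the enterprise key management control above, and the vault sits in its own network segment with detokenisation calls logged for the data access governance control.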
