There are various tools out there that cover essential elements on a data project, such as data discovery, data mapping and data lineage. Meanwhile, gap analyses tend to be performed by traditional auditing methods, such as reviewing the organisational and process documents and liaising with those departments involved in data processing.
Below is a non-exhaustive list of support tools:
- https://privacyengine.io provide an information flow mapping tool which can be used for gap analysis.
- linq.it/linq-for-gdpr helps identify and model the most valuable information assets, and provides tools to make informed, evidence-based decisions.
- https://www.totalprogrammecontrol.com/gdpr.php assesses GDPR compliance from a supplier perspective.
- proteuscyber.com provides DPOs with a ready-made suite of tools to model business processes, define sensitive data and where it is, and also performing multi-phase Data Privacy Impact Assessments
Meanwhile, project management is a must. This includes parts of the project, such as legal assessment and data governance.
- http://www.rexecurity.com/gdpr-compliance-services/gimpr-gdpr-methodology-p143.htm is a project management methodology tool for GDPR compliance based on PRINCE2(R).
- Oracle's E2E solution, which carries modules including encryption and data discovery is also well received.
Ultimately there is no tool that solves all privacy needs. It is therefore sensible to specify your own (or that of your organisation’s) requirements upfront before making a selection. Consulting peers with hands-on experience is recommended.
In respect of securing privacy, the following controls must be considered:
Cloud data protection (CDP): Encrypting sensitive data before it goes to the cloud with the organisation maintaining the keys, rather than the cloud provider.
Tokenisation: Substituting a randomly generated value (the token) for sensitive data such as credit card numbers, bank account numbers and social security numbers.
Encryption: Using encryption techniques to obscure data, protect personal privacy, achieve compliance, and reduce the impact of cyber-attacks and accidental data leaks.
Data access governance: Providing visibility into what and where sensitive data exists and data access permissions and activities.
Consent/data subject rights management: Managing consent of customers and employees, as well as enforcing their rights over the personal data they share.
Data privacy management solutions: Platforms that help operationalise privacy processes and practices, supporting privacy by design and meeting compliance requirements and initiating auditable workflows.
Data discovery and flow mapping: Scanning data repositories and resources to identify existing sensitive data, classifying it appropriately in order to identify compliance issues, apply the right security controls, or make decisions about storage optimization, deletion, archiving, legal holds and other data governance matters.
Data classification: Classification is the foundation of data security and enables the prioritisation of what the organisation needs to protect.
Enterprise key management: Key management solutions store, distribute, renew and retire keys on a large scale across many types of encryption products.
Application-level encryption: Encrypting data within the app itself as it is processed will protect sensitive data at every tier in the computing and storage stack and wherever data is copied or transmitted.
Contact our Data Protection and GDPR Solicitors Liverpool, Wirral, Merseyside and Across England & Wales
We understand that running your business keeps you very busy. We provide you with clear and practical advice to make data protection and GDPR compliance as straightforward as possible. We are also aware of your need to find cost-effective solutions, so for a free initial consultation with our data protection and GDPR solicitors, contact us on 0151 659 1070 or complete our online enquiry form.