• No results found

Data Protection Officer (DPO) Maturity Pathways

N/A
N/A
Info
Downloaden
Protected

Academic year: 2021

Share "Data Protection Officer (DPO) Maturity Pathways"

Copied!
1
0
0

Bezig met laden.... (Bekijk nu de volledige tekst)

Download het nu ( 1 pagina )

Hele tekst

(1)

Marlon Domingus

Erasmus University Rotterdam marlon.domingus@eur.nl September 2019

Based on talks with many DPOs. How do DPOs act and make decisions?

Data Protection Officer (DPO) Maturity Pathways

a proposal

Version: September 22 2019

general description

way of work

use of data

reactive

case by case

The DPO knows what to do and focuses on high risk issues, whilst addressing unforeseen cases and answering questions. Responding to incidents.

Getting things done. Learning case by case.

Implementing best practices in the field.

Documenting evidence in the GDPR registers.

Creates management reports.

reactive

controlled processes

The DPO is in control and has standard answers for standard questions and standard procedures for standard issues. Can focus on high risk issues and specific questions.

Planning work and responding to incidents.

Responding successfully in an organised manner, following a chosen framework.

Providing best practices.

Roles and responsibilities are clear and actions have known starting points and predictable outcomes.

Creating dashboards fed by GDPR registers to have a helicopter view which enables zooming in where necessary to all relevant details.

Creates monthly tailored reports for various target groups.

pro active

analytic use of data

The DPO is in control and has in place a feedback loop from frequently asked questions to role specific training modules. Understands patterns in behaviour within and outside the organisation (suppliers / partners) and root causes of incidents.

Privacy specialists are embedded in projects with possible high risk processing. Specialist knowledge is involved at an early stage of

relevant major changes, armed with adequate assessment tooling and a risk mitigation portfolio.

Data is actionable and triggers correct and effective counter measures. Full time access to relevant information, with relevant

information and risk assessments.

Evidence based actions and learning cycle from the privacy organisation to the broader organisation and partners.

pro active

predictive use of data

The organisation is in control and has in place a continuous feedback loop from frequently asked questions to role specific training modules.

The organisation understands risks in possible future scenarios in advance, based on the built knowledge base and

knowledge of cause and effect.

Adequate privacy knowledge is embedded in the relevant job profiles of the organisation. Staff performs well on quarterly audits.

DPO focuses on privacy aspects and data ethics in strategic (AI) work.

Machine learning detects possible high risk scenarios and risk mitigating measures as input for the privacy aware organisation. The DPO uses random checks and audits to better understand underlying

dependencies in terms of vulnerabilities. Tailored relevant communication providing relevant context to groups and individuals for future work.

Referenties

Download het nu ( PDF - 1 pagina - 50.42 KB )

GERELATEERDE DOCUMENTEN

Frequently Asked Questions

- in geval van faillissement van een kredietnemer dient de kredietgever een aanvraag tot schrapping in op voormelde site Het Fonds stuurt, onder voorbehoud van

Qualitative Measurement of BI Maturity in a SME ICT Organisation

Because of the low BI maturity level of the organisation in this case study it was not possible to compare the found benefits, the challenges however show consistency with the

Frequently asked questions Examiners certified by CAA-NL

- Finally, in the period of 12 months immediately preceding the expiry date of the certificate applicants shall demonstrate their competence to an CAA-NL inspector or a

If the organisation goes Agile, Group Audit has to go agile!

- Dialogue on solutions in Demo (= factual + closing) - Agreed actions after each sprint for backlogs. - Report with culture and behaviour observations, hard controls

Questions a Board may ask to understand how an organisation controls its risks

Background: it is important for the Board to understand where responsibility for the enterprise´s Compliance function is placed within the organisation and whether it

Frequently Asked Questions (FAQ s):

Ja, maar u betaalt daarvoor enkel een vergoeding voor de auteurs, componisten en uitgevers van de muziek, niet voor de uitvoerende kunstenaars en de muziekproducenten.. Die betaalt u

Frequently Asked Questions on the Netherlands-Hong Kong Mutual Recognition of Funds

How should Dutch Management Companies that would like to seek SFC’s authorization for the offering of other European Union UCITS that qualify under the SFC recognised

Frequently Asked Questions Waves

2.1.8 MIJN HUIDIGE VENTILATOR IS AANGESLOTEN OP HET LICHTNET: WAT MOET IK DOEN OM DE WAVES VENTILATIE TE INSTALLEREN.. Waves werkt het beste indien deze continue van stroom