Wednesday, 18 October 2017

How Legal and IT Teams Can Work Together to Achieve GDPR Compliance

The article can be found on the okta.com portal, specifically at:
https://www.okta.com/blog/2017/10/tips-for-legal-IT-GDPR-compliance/
The author is Chris Niggel - Director, Security and Compliance - Oct. 17, 2017
I quote selected parts of the text:
"This article doesn’t constitute legal advice, and is provided for informational purposes only".
"While the GDPR can seem intimidating at first, thoughtful planning can help your organization efficiently maintain compliance."
"... And since the regulation can affect many parts of the enterprise, regular interdepartmental meetings will help ensure that each team is aware of any operational changes that are being made."
"The keys to getting ready for the regulation are communication, transparency, and accountability. Everyone involved in GDPR preparations needs to understand their role and be held accountable for ensuring compliance."
"The regulation strongly encourages encryption and requires that security measures are built into any system that is engineered to collect, process, or store personal data of EU individuals."
"What IT needs to gather for and from the legal and compliance teams."
"The IT department knows the nitty gritty of your enterprise’s data infrastructure in a way that the legal department may not, meaning that IT may need to outline much of that information for the organization’s legal and compliance teams."
"Mapping the personal data and avoiding unnecessary duplication is one of the key ways to help ensure compliance with the GDPR. Doing so makes it easier to comply with erasure and portability requests."
"Regular training about the GDPR requirements can also help IT better understand how personal data of EU individuals is subject to the regulation. IT will also need to work with the compliance and legal teams to understand if any IT processes for handling data need to be changed to better comply with the regulations."
What compliance and legal teams need to know about IT
"A key role of an organization’s compliance and legal teams is to understand how their enterprise collects, stores, and processes personal data of EU individuals, and how the GDPR impacts the organization."
"While both the controller and processor are generally responsible for security of the data, each has different responsibilities that an organization’s compliance and legal teams will need to apprise them of."
"It may be important for compliance and legal teams to advise IT about whether new security solutions – such as identity and access management or a cloud access security broker – are needed to ensure personal data-handling is compliant with the GDPR."
"Encouraging two completely different departments to work together can be a challenge, but there are several ways to ensure smooth collaboration."
"They can communicate across departments to keep track of what each team is doing to get ready for the GDPR. It’s also important for teams to have a checklist with deadlines, and even more so to hold people accountable if they miss those deadlines."
"Bring teams together and visually map out roles and expected contributions to the end goal of GDPR compliance. Request input from teams on process improvements, to help them feel valuable and invested in the final outcome."
"Finally, leaders of all affected departments should hold regular meetings to know how far along they are towards achieving their GDPR goals."