A STRUCTURED APPROACH TO PRIVACY MANAGEMENT: DEMONSTRATING COMPLIANCE

To demonstrate data privacy compliance is to show that the organization complies with the requirements of a law, regulation, policy, or other commitment such as a privacy notice or code of conduct (“Rule Source”). This manual introduces the accountability approach to demonstrating compliance and provides detailed instructions for implementing it. Demonstrating compliance through an accountability approach goes a step further than simply showing that compliance requirements have been met: it enables the organization to demonstrate how the requirements are met, and it shows that structured privacy management is in place to enable ongoing compliance.

For several years, Nymity has conducted formal research and observed privacy management programs in organizations across the world, of various sizes, and in every sector. Much of our research on privacy management has focused on measuring and reporting on the status of data privacy accountability and compliance. We have spoken with Privacy Officers, Policy Makers and Regulators to identify the critical success factors for demonstrating compliance. A key outcome of this research is that among several approaches, the most effective, structured, and scalable approach is for the privacy office to use an accountability approach to demonstrate compliance.

Effective privacy management relies on the interpretation of requirements, an assessment of risk, and other subjective factors. That isn’t to say there is no right answer; there is a right answer. However, providing it requires a dialogue about context. Nymity’s research has found that the best way to demonstrate compliance is for the Privacy Officer to articulate the subjective and objective factors influencing decisions and outcomes. The Privacy Officer is in the best position to understand and articulate compliance in the context of:

  • The rules of privacy law;
  • The organization’s business and data processing practices;
  • How privacy management is embedded throughout the organization; and
  • The risk of harm to individuals and the organization.

This manual details how a privacy office can demonstrate compliance by contextualizing evidence to Rules. It also provides guidance for effectively gathering evidence and reporting quantitative metrics using a Microsoft Excel® spreadsheet called the Nymity Data Privacy Accountability Scorecard™.

Nymity Data Privacy Accountability Scorecard™
The Nymity Data Privacy Accountability Scorecard (“Accountability Scorecard”) is a scalable, evidence-based framework that allows organizations to:

  1. Monitor and measure privacy management activities
  2. Assign appropriate ownership
  3. Produce supporting evidence

In other words, the Accountability Scorecard enables organizations to demonstrate compliance and accountability for data privacy.

Leverage Existing Documentation
Processing personal data responsibly takes place throughout the organization, and many organizations were doing so long before the privacy office was established. The Evidence Worksheet found in the Scorecard™ enables the privacy office to collect documentation already being produced by activities taking place across the organization, whether those activities are:

  • Implemented by the privacy office: the privacy office is directly responsible for performing the activity;
  • Influenced by the privacy office: in some cases, the privacy office supports other parts of the organization in embedding privacy into operational practices; or
  • Independent of the privacy office: the activity may be performed entirely within another part of the organization, and the privacy office observes with limited influence.

Demonstrating Compliance Manual

This manual introduces the accountability approach to demonstrating compliance and provides detailed instructions for implementing it. Demonstrating compliance through an accountability approach goes a step further than simply showing that compliance requirements have been met.

Nymity Data Privacy Accountability Scorecard™

The Accountability Scorecard is a scalable, evidence-based framework that allows organizations to demonstrate compliance and accountability for data privacy.


ACCOMPANYING RESOURCES AND SOLUTIONS

Nymity Attestor™ is a privacy management software solution that enables the privacy office to demonstrate accountability and compliance. Attestor enables organizations to report on the status of the privacy program - generating quantitative metrics supported by evidence - using the Nymity Data Privacy Accountability Scorecard™.


DEMONSTRATING COMPLIANCE

Organizations have a growing number of reasons to demonstrate compliance with privacy laws and regulations. Article 22 of the EU General Data Protection Regulation, as currently written, will require businesses to ensure that their processing activities comply with the requirements of the Regulation and to demonstrate that compliance to Supervisory Authorities.
© 2002-2017 Nymity Inc. All Rights Reserved.