Nymity’s GDPR Compliance Toolkit: A Two-Part Series – Part 2: Getting Down to Details
Addressing GDPR Readiness is a topic that’s front of mind for many organisations as 2017 winds down. How prepared is our organisation for May 2018? What steps do we need to take to demonstrate compliance? How can we increase our organisation’s accountability? These are important questions to be asking, and in order to best support our clients in answering them, Nymity created the GDPR Compliance Toolkit.
The GDPR Compliance Toolkit contains 5 essential resources to assist privacy officers in understanding, assessing, and planning for GDPR readiness, using an Accountability Approach. Today, in Part 2 of our blog series exploring the Toolkit, we’re going to look at the Nymity Privacy Management Accountability Framework™, the GDPR Readiness Assessment Questions, and the Accountability Roadmap for Demonstrable GDPR Compliance.
The Framework for Success
The Nymity Privacy Management Accountability Framework™ is an easy-to-read, menu-style visual tool that identifies operational and pracitcial measures that if implemented and maintained may provide evidence of GDPR compliance. The Framework was developed following years of research and on-the-ground workshops around the globe learning what activities organisations put in place to develop and implement a privacy infrastructure. The Framework contains a comprehensive list of these technical and organisational measures, structured into 13 categories. It has been mapped to hundreds of laws and privacy frameworks, and was mapped to the GDPR.
When mapped to the GDPR, Nymity research experts identified 39 GDPR articles that create obligations to put in place technical or organisational measures to demonstrate compliance. Those articles map to 55 measures within the Framework. Organisations can use the Framework to implement those 55 measures, enabling them to produce appropriate evidence of GDPR compliance.
Asking the Tough Questions
Preparing for GDPR compliance requires a great deal of structured planning and critical thinking. Nymity believes that compliance begins with Accountability; developing compliance infrastructure that mitigates risk and produces proper documentation at the operational level.
For this reason, it is critical that privacy management is embedded not just in the privacy office, but also within the business or functional units. The GDPR Readiness Assessment Questions itemize each relevant article of the GDPR and pose applicable, detailed, evidence collection questions to determine your organisation’s state of readiness article by article. Two sets of questions are provided (one for the privacy office, and one for operational and business units) to ensure that consistent compliance is achieved throughout the organisation as a whole.
Mapping the Path to Compliance
Lastly, the Nymity GDPR Compliance Toolkit contains the Accountability Roadmap for Demonstrable Compliance. This resource enables the creation of an operational GDPR compliance roadmap based on the accountability mechanisms that are appropriate for your organisation. It outlines the the 55 “mandatory” technical and organisational measures under the GDPR, mapping them to their appropriate article, and stating how each activity will help your organisation to comply with the obligation by providing sample evidence.
Organisations can go through the document article by article, identify all of the activities that are applicable to their organisation, and develop a practical, detailed roadmap that, if followed, will lead them to accomplishing the goal of demonstrable compliance under the GDPR.
Gain Support for Your Compliance Efforts
If you missed Part 1 of our series on the GDPR Compliance Toolkit, be sure to read the earlier blog post to learn more about the additional resources contained in the kit. Nymity’s extensive selection of support materials and research-based solutions have helped countless organisations to begin and execute privacy management infrastructure implementation. For more information on how Nymity can support your organisation in preparing for GDPR compliance, click here: