Building Tables to Demonstrate Compliance
Identifying the Rules of law required to demonstrate compliance to management, business partners, and Regulators has historically been a challenge, even for organizations that must comply in only a single jurisdiction. Nymity LawTables™ enables the privacy office to quickly identify the Rules of law that require Evidence, and to demonstrate compliance.
Laws and regulations consist of several provisions (“Rules”) – some Rules are informational and others require evidence to demonstrate compliance. Informational Rules may include definitions, enforcement powers, etc.
- For example, under the UK Data Protection Act, “data subject” means an individual who is the subject of personal data.
- Part I, section 6 states that there “shall be an officer known as the Information Commissioner”.
Informational Rules are important to understand; however, they do not require any action on the privacy officer’s part in order for the organization to be compliant. Other Rules do require the privacy office to take action, and therefore require evidence in order for the organization to demonstrate compliance.
- For example, the UK Data Protection Act requires that, “The data controller must take reasonable steps to ensure the reliability of any employees of his who have access to the personal data.” This requires action on the part of the privacy office, and the evidence is most likely produced by Privacy Management Activities within the Privacy Management Process: Manage Information Security Risk (e.g. Maintain human resource security measures (e.g. pre-screening, performance appraisals)).
Nymity LawTables™ enables the privacy office to quickly identify the Rules requiring evidence. In fact, Rules can also be filtered by a specific Privacy Management Process, such as ‘Maintain Training and Awareness Program’, to view all the laws that require evidence of training in order to be compliant.
For this use case, the Nymity LawTables™ solution supports the privacy office in reducing privacy risk by helping it to:
- Save time when analyzing laws, and be prepared to demonstrate compliance using operational documentation
- Avoid duplication of effort – easily identify where you can leverage activities in one jurisdiction to satisfy requirements in another
- Provide meaningful advice to stakeholders such as business, compliance, and legal executives
This use case is designed to be used as a business case to justify the purchase of the Nymity LawTables™ solution.