Accountability Based Solutions for Process Data Inventory and Data Mapping
The EU’s General Data Protection Regulation (GDPR) requires organisations to maintain comprehensive and current internal records of their data processing activities. Data Inventory/Mapping is an excellent first step in building a privacy or compliance program. Leveraging years of research and supported by Nymity’s deep Privacy Office/DPO expertise, ExpertMapping™, is a simple, automated solution that turns data inventory into an outcome of project reviews completed by a motivated business.
Enables the repurposing of personal data
Nymity ExpertMapping™ enables the business to identify different sources of personal data within the organization and repurpose the data to drive additional value to individuals, society and the organisation while ensuring that it is done in compliance with law and corporate policy. For the EU (or other jurisdictions that support legitimate interest as legal grounds for processing) the solution provides both the benefits to individuals and documentation of the mitigation of potential harms to individuals enabling the balancing test necessary for processing based on legitimate interest.
Motivates the business
Nymity ExpertMapping™ provides the business with several solid motivators to encourage use of the system in a proactive and accurate manner. For example, to enable the business to do more with data, provides evidence of compliant processing, forgoing a lengthy review process, equips the business to do it right the first time, and avoids questionnaires. Plus, everything is written in the language of the business, not privacy terms, making it easy and quick for the business to meet policy expectations. With Nymity ExpertMapping™, compliance is an outcome, not the motivator.
Promotes accurate information
Nymity ExpertMapping™ results in the business wanting to know where their data resides such that it can repurpose this data. It needs to ensure the data is accurate and up-to-date for potential use. A side benefit of accurate data is it helps ensure compliance for example, when there is an access request or a data breach as both the business and the Privacy Office/DPO needs to understand where the data resides. To the business, compliance is an outcome, not the driver.
Minimizes engagement time
Nymity ExpertMapping™ focuses data collection on what is legally required and what provides value to the business. Limiting the data collection is a simple but powerful concept saving huge amounts of time and increases the chances of quick and successful implementation while maximizing the probability of long-term use.
Includes Drilldown Dynamic Data Mapping™
Nymity ExpertMapping™ provides functional data mapping and other visualization with drill-down compliance support capability to answer the questions from the management, business and if need be, regulators. Understand and demonstrate your legal grounds for processing, your cross-border mechanism, your risk mitigation to processing and your risk mitigation to individuals. Demonstrate the positive side of privacy including the benefits you are providing your employee, customers and if applicable society at large. The solution’s Drilldown Dynamic Data Mapping™ is a business intelligent decision support and reporting tool.
Supports Vendor Management
It is uncommon for vendor management to be the responsibility of the Privacy Office/DPO, but the Privacy Office/DPO often plays a key role in vendor management. For new processing activities, the Solution identifies when 3rd-party processors are being used, engages the right policies and procedures to ensure privacy is covered in contracts, ensures proper due diligence is conducted and enables ongoing reporting for all privacy-related vendor management support. It provides the Privacy Office/DPO the proper mix of guidance, support and oversight to ensure privacy compliance with laws and policies when processing is conducted outside of the organisation.
Accountability Data Use Strategy
Nymity ExpertMapping™ is an expert system that provides recommendations for appropriate policies, procedures and other accountability mechanisms that can be applied to one or more projects to further mitigate risk. It identifies the projects and the risks to individuals and to the organisation that the mechanism may help mitigate if applied to the processing. When combined with Nymity Templates™, the solution directs the subscriber to the specific section in Nymity Templates™.
Includes Accountability Data Use Strategy™ support
Nymity ExpertMapping™ includes the ability for organisations to implement a bottom-up data use strategy by identifying specific personal data that will bring the greatest benefit to individuals and the organisation. Also, specific purposes can be promoted and repurposed over and over to help maximize the value to individuals and the organisation. This solution is enabled by Nymity ExpertPIA™.
Includes Accountability Data Valuations™
Nymity ExpertMapping™ includes a customizable formula for your business to create a valuation for the personal data in the organisation that can be tracked, visualized and reported over time. The Accountability Data Valuations™ are typically combined with the Benefits to Individuals Reporting™ to tell a powerful story to management and the board. It also serves as another motivator for the business to engage as it helps increase the accuracy of the data by encouraging the business to frequently update past PIAs.
On-demand Compliance Reporting™ for Article 30 (Records of processing activities)
Nymity ExpertMapping™ automatically generates a wide variety of reports that are of value to the business including reports that meet legal and regulatory requirements and produces them on-demand (as required by some laws including the GDPR). Should an investigation occur, the solution supports regulatory inquires related to data location, data transfer mechanism, legal grounds for processing, risk to individuals, purpose, data type, DPIA criteria, data recipients, data subject, retention periods and which appropriate technical and organisation measures are in use and where. In fact, report on any combination of the above.
Fast documenting of current processing, a GDPR requirement
The GDPR requires records of processing activities for current processing activities. Nymity ExpertMapping™ enables the business to quickly capture this information and prepare for GDPR. In fact, it enables and motivates the business to do so and as there are no questionnaires it is very fast. Plus, the Nymity ExpertMapping™ does a risk-based and structured approach to maximizes the available resources for documenting current processing.
Future proof compliance
Nymity ExpertMapping™ is an expert system based on Nymity’s dedicated research team of privacy professionals. It is updated each time member states implement one of the 26 delegated acts or 22 implementing acts made possible in the GDPR. Also ensure the latest from Article 29 Working Party and what is expected leading up to May 25th 2018 when the GDPR will go into effect. Plus, you are future proof for the ePrivacy regulations and what-ever should happen after Brexit.