Run-up to May 25: The most downloaded resources from Nymity Templates™

Written by Meaghan McCluskey
on May 31, 2018

The GDPR is now officially enforceable, following the implementation date of May 25, 2018. To prepare for and to maintain and demonstrate ongoing compliance with the GDPR, organizations have been enhancing or creating a  privacy management infrastructure that demonstrates accountability through the evidence of various technical and organisational measures.

As organisations continue to enhance their privacy management programs, it is helpful to understand where peer organisations have been focusing their efforts in the days leading up to the GDPR enforcement date. In today’s blog post, we will be detailing the Top 5 Most Downloaded Privacy Management Activities (technical and organisational measures), as well as the individual resources associated to them that have been receiving the most attention.

Resources from Nymity Templates™

Nymity Templates is a one-of-a-kind tool containing more than 700 downloadable expert resources associated with more than 130 privacy management activities. Nymity Templates allows the user to:

  • Develop structured privacy management
  • Operationalise ongoing compliance
  • Put accountability into practice
  • Generate evidence
  • Conduct annual reviews
  • Develop structured privacy management

Featuring user-friendly templates and checklists, all of the resources discussed today have been pulled from this unparalleled privacy management software tool.

Top 5 Downloaded Activities

1) Maintain Procedures to Respond to Requests for Access to Personal Data
Organisations must have procedures that enable a response to requests from data subjects for access to the personal data stored about them. These procedures must ensure that the requests are responded to in a timely manner, in accordance with the law, and that proper checks have been put in place to confirm that the individual making the request actually has the right to access the data. The procedures must have in place a protocol for escalation where necessary.

Top Downloaded Resources:

  • GDPR checklist for reviewing access and information request procedures
  • Sample acknowledgement of request letter
  • Sample response letter

2) Maintain an Inventory of Personal Data and/or Processing Activities
Article 30 of the GDPR requires organisations to maintain records of processing activities. This activity addresses both traditional data inventories based on standard questionnaires for the various departments, as well as records of processing inventories that would address compliance with Article 30 . Article 30 reports require details surrounding the activity of processing, such as technical and organisational measures, categories of data types, data subjects, etc.

Top Downloaded Resources:

  • Personal data inventory workbook (with EU)
  • Sample personal data inventory
  • Scope and business case

3) Maintain a Data Privacy Incident/Breach Response Plan
Article 33 of the GDPR requires organisations to create and maintain an incident/breach response plan. Such plans provide a coherent, systematic, and proactive method of managing privacy breaches and security incidents affecting personal data in a consistent fashion.

Top Downloaded Resources:

  • Real-world samples
  • GDPR checklist to review the incident response protocol
  • Checklist for breach response protocol consideration

4) Integrate Privacy by Design into Data Processing Operations
Article 25 of the GDPR requires organisations to put in place appropriate technical and organisational measures to address data protection by design and by default.  This concept requires that organisations design policies, procedures and systems which comply with the GDPR from the inception of the product’s or processes’ development and integrate these throughout the organisation.

Top Downloaded Resources:

  • GDPR- Key considerations for data protection by design and by default
  • Sample privacy by design measures
  • Operationalising privacy by design

5) Maintain an Employee Data Privacy Policy
Organisations must provide guidance to all employees who are using and processing the personal information of their peers. Separate from a general data privacy policy, an employee data privacy policy addresses how the organisation will collect, use, and process employee data. Procedures should be in place to update the policy based on changes in privacy laws or regulations, or changes in business processes.

Top Downloaded Resources:

  • Annotated comprehensive privacy policy
  • Annotated employee privacy policy
  • Checklist for creating and maintaining an employee privacy policy

Learn More about Nymity Templates™

To gain a greater understanding of how your organisation could benefit from the diverse resources contained in Nymity Templates, read more about the tool, or contact the Nymity team at (647) 260-6230.

You may also like:

GDPR Resources
Top 5 Most-Downloaded Privacy Management Resources

As organisations continue their GDPR readiness, it can be helpful to gain an understanding of the technical and organisa...