As part of its Summer / Fall Privacy Insight Series, TrustArc hosted a webinar where Charles Nwasor of Ensono, Paul Iagnocco and Margaret Alson of TrustArc spoke about the EU GDPR Article 30 requirements.
Article 30 pertains to Records of Processing Activities. Not only do organizations have to keep records, but also,
The controller or the processor and, where applicable, the controller’s or the processor’s representative, shall make the record available to the supervisory authority on request.
While creating data maps are not required, many organizations find them very useful. Data maps, or data flow maps, are visual representations of data flows that help organizations understand data movements across borders, and within critical aspects of an organization’s data environments. Data flows are extremely complex in most organizations, so capturing those flows in a linear spreadsheet can be difficult. Visual representations of these complex relationships are easier to understand and can be used as a communication tool across the organization.
The panelists spoke about two different ways of conducting data flow maps, and the benefits and drawbacks of using each method. The two methods are: the IT/Systems Based Approach and the Process Based Approach. For example, one benefit of using the Process Based Approach is that organization oftentimes get more accurate results. The Systems Based Approach may miss those systems that are being used “off the record”.
To find out more about mastering Article 30 requirements, you can listen to the webinar on demand here. Other topics covered include:
- Methodology & tools;
- How to get internal buy-in;
- Where to start; and what’s next
TrustArc offers tools and solutions through a proven methodology to evaluate readiness, build a plan, and then implement the plan for GDPR compliance. The Build, Implement & Demonstrate approach coupled with our integrated technology solution helps companies manage a sustainable GDPR program. To find out more, contact us to learn more about TrustArc GDPR solutions.