GDPR RACI.pdf

Using RACI Chart for GDPR implementation

Andrey Prozorov, CISM, CIPP/E
2020-05-25
Andrey Prozorov, CIPP/E, CISM
• Information Security Methodology Manager
• 15 years in information security (12 years in data protection and privacy)
• My Patreon (ISMS and GDPR toolkits) - www.patreon.com/AndreyProzorov
• My blog (in Russian) - http://80na20.blogspot.com
Agenda
• RACI Chart (intro)
• My Case:
  • My Data Protection Framework
  • My Governance Model
  • My GDPR Activities
  • My RACI Chart
My first contact with the RACI chart
2009-2010, COBIT 4.1, example: PO4 Define the IT Processes, Organisation and Relationships
Thanks, Wiki!
A responsibility assignment matrix (RAM), also known as RACI matrix or linear responsibility chart (LRC), describes the participation by various roles in completing tasks or deliverables for a project or business process.
RACI is an acronym derived from the four key responsibilities most typically used: responsible, accountable, consulted, and informed.
It is used for clarifying and defining roles and responsibilities in cross-functional or departmental projects and processes.
There are a number of alternatives to the RACI model (e.g. RASI, PARIS, PACSI, DACI, PDQA, RASCEIO).
RACI
• Responsible (R): role that performs an activity or does the work.
• Accountable (A): role that is ultimately accountable and has the final Yes/No/Veto on the task; also called the approver or final approving authority. There must be exactly one accountable role specified for each task or deliverable.
• Consulted (C): role that helps and advises.
• Informed (I): role that needs to know of the decision or action.
Why is it effective?
• Simple and short description
• Adaptable
• Helicopter view (complete list and links)
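The two RACI rules stated above (exactly one Accountable per task, and a Responsible role that does the work) and the "helicopter view" are easy to lose once the chart grows to dozens of GDPR activities and roles. The checker below is an added example, not part of the original slides; the activity names and most role names (CISO, Board, Legal, IT, DPO, Process owners) are constructed for illustration, while the activity groups and roles such as Internal Audit, Risk Manager and Procurement come from the deck.

```python
"""RACI chart consistency checker (added example, not from the original slides).

Enforces the rules stated on the RACI slide for every activity:
  - exactly one Accountable (A),
  - at least one Responsible (R),
  - only the codes R, A, C, I are used,
and optionally reports roles from the governance model that are assigned
nothing at all, which usually means the chart was not aligned in advance.
"""
from collections import Counter

VALID_CODES = {"R", "A", "C", "I"}

# Constructed sample chart: activity -> {role: RACI code}.
# Activity groups follow the deck (Planning, Processing, Security,
# Control/Report/Respond); the activities and most roles are invented.
SAMPLE_CHART = {
    "Planning: appoint data protection lead": {
        "Board": "A", "CISO": "R", "Legal": "C", "Compliance": "I"},
    "Processing: maintain records of processing": {
        "DPO": "A", "Process owners": "R", "IT": "C", "Internal Audit": "I"},
    "Security: personal data risk assessment": {
        "CISO": "A", "Risk Manager": "R", "DPO": "C", "Internal Audit": "I"},
    # Deliberate defect: two Accountable roles on one activity.
    "Respond: personal data breach handling": {
        "CISO": "A", "DPO": "A", "IT": "R", "Legal": "C"},
    # Deliberate defect: nobody is Accountable or Responsible.
    "Control: periodic review of the RACI chart": {
        "DPO": "C", "Compliance": "C"},
}

# Roles from the deck's "Who else?" list, used to spot unassigned roles.
GOVERNANCE_ROLES = ["Internal Audit", "Risk Manager", "Procurement", "Compliance"]


def validate_raci(chart, roles=None):
    """Return a list of (activity, problem) tuples; an empty list means consistent.

    `roles`, if given, is the full list of governance roles; any role that
    appears in no activity is reported under the pseudo-activity '*'.
    """
    problems = []
    for activity, assignments in chart.items():
        counts = Counter()
        for role, code in assignments.items():
            if code not in VALID_CODES:
                problems.append((activity, f"invalid code {code!r} for role {role!r}"))
                continue
            counts[code] += 1
        if counts["A"] != 1:
            problems.append((activity, f"expected exactly one Accountable, found {counts['A']}"))
        if counts["R"] == 0:
            problems.append((activity, "no Responsible role assigned"))
    if roles:
        used = {role for assignments in chart.values() for role in assignments}
        for role in roles:
            if role not in used:
                problems.append(("*", f"role {role!r} is assigned in no activity"))
    return problems


def render_chart(chart):
    """Render the chart as a plain-text matrix: activities as rows, roles as columns."""
    roles = sorted({role for assignments in chart.values() for role in assignments})
    width = max(len(activity) for activity in chart)
    lines = [" " * width + " | " + " | ".join(roles)]
    for activity, assignments in chart.items():
        cells = [assignments.get(role, "-").center(len(role)) for role in roles]
        lines.append(activity.ljust(width) + " | " + " | ".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_chart(SAMPLE_CHART))
    for activity, problem in validate_raci(SAMPLE_CHART, GOVERNANCE_ROLES):
        print(f"[{activity}] {problem}")
```

Run as a script it prints the matrix and then the three rule violations planted in the sample plus the unassigned Procurement role; feeding it the real chart as a dictionary gives the periodic review from the Lessons Learned slide a mechanical first pass.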
COBIT 2019: APO13 — Managed Security
We have used RACI for the ISMS implementation.
Let’s use it for GDPR compliance…
My Case
• Construction and Energy sector
• >250 employees
• EU + Russia
• ISO 9001, ISO 27001…
My Data Protection Framework (33 pages)
Data Protection Governance Model
Who else?
• Representatives
• Internal Audit
• Risk Manager
• Procurement
• Compliance
• …
GDPR Activities (21)
1. Planning (6)
2. Processing (6)
3. Security (5)
4. Control, Report and Respond (4)
Lessons Learned:
• Choose a suitable level of detail
• Use other examples for inspiration
• Discuss and align everything in advance
• Conduct periodic reviews and update the chart
Andrey Prozorov, CIPP/E, CISM
• My Patreon (ISMS and GDPR toolkits) - www.patreon.com/AndreyProzorov
• My blog (in Russian) - http://80na20.blogspot.com
• Email - prozorov.info@gmail.com
Thanks!
