Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
1
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
v © TRUSTe Inc., 2017
Best Practices to Create a ...
2
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
Today’s Speakers
RAY EVERETT
Principal Consultant...
3
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
•Welcome & Introductions
•Getting Started
•Execut...
4
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
v © TRUSTe Inc., 2017
Getting Started
Scoping, Re...
5
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
• Determine the organization’s objectives
– Compl...
6
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
• Identify roles and responsibilities BEFORE any ...
7
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
• Data Inventories can be used throughout the org...
8
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
v © TRUSTe Inc., 2017
Veronika Tonry, President, ...
9
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
The key to a successful GDPR implementation
10
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
• Adapt the discovery to your company culture
• ...
11
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
v © TRUSTe Inc., 2017
Ray Everett, Principal Con...
12
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
• Inventory should point to many action items
– ...
13
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
• “Institutionalize” your Map with a Privacy Com...
14
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
v © TRUSTe Inc., 2017
Questions?
15
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
v © TRUSTe Inc., 2017
For more information on Da...
16
vPrivacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
v © TRUSTe Inc., 2017
Register now for the next ...
Upcoming SlideShare
Loading in …5
×

Best Practices to Create a Data Inventory and Meet GDPR Compliance [Webinar Slides]

5,634 views

Published on

Watch the FULL webinar on-demand w/ these slides at this link: https://info.truste.com/how-to-create-maintain-data-inventory-webinar.html

Where’s your data? Understanding the data flows and data policies and procedures across the Company is the foundation of any privacy and data governance program and essential for GDPR compliance. This new regulatory requirement is forcing many companies to finally tackle this exercise head-on. Not sure where to start?

Register now to watch this free on-demand webinar as our speakers:

- shared their experiences in creating data inventories for a range of enterprises
- provided tips and templates to help set you up for success
- reviewed how the data inventory can be used by different teams including privacy, infosec, IT and risk and compliance.
- showed the creation of simple data flow maps that can be easily maintained across the organization

Watch this webinar to help you understand the tools, resources and methodology companies are using to establish a baseline of data assets and obligations and get on the fast track to GDPR compliance.

Make sure to register NOW to watch the on-demand webinar: https://info.truste.com/how-to-create-maintain-data-inventory-webinar.html

To register for upcoming other TRUSTe Webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/

Published in: Law
  • Login to see the comments

Best Practices to Create a Data Inventory and Meet GDPR Compliance [Webinar Slides]

  1. 1. 1 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Best Practices to Create a Data Inventory & Meet GDPR Compliance January 24, 2017
  2. 2. 2 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 Today’s Speakers RAY EVERETT Principal Consultant (US), TRUSTe VERONIKA TONRY President, Privacy Know How, former Global Privacy Manager at Chevron and Applied Materials GUY SEREFF Corporate Counsel, Level 3 Communications
  3. 3. 3 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 •Welcome & Introductions •Getting Started •Executing •Next Steps •Q&A Today’s Agenda
  4. 4. 4 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Getting Started Scoping, Resourcing, Organizational Buy-In Guy Sereff, Corporate Counsel, Level 3 Communications
  5. 5. 5 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 • Determine the organization’s objectives – Compliance with specific frameworks? – Developing a new Privacy Program? – Refreshing an existing Privacy Program? • Identify logical business units Scoping the Data Inventory Project
  6. 6. 6 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 • Identify roles and responsibilities BEFORE any work begins – Project Manager – Business Unit Leads – Subject Matter Experts • Set realistic expectations for the level of effort required to complete the project Resourcing the Data Inventory Project
  7. 7. 7 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 • Data Inventories can be used throughout the organization – Legal and regulatory compliance – Identification of application and storage redundancies – Guide for developing information security framework – Introduction or reinforcement of Privacy by Design concept for application lifecycles – Identification of new data types and uses • Compliance with GDPR is going to be difficult without a current Data Inventory – Privacy Impact Assessment requirements – Demonstrable compliance – Required data processing registries – Compliance requirements for wholly automated decision making – Data subject rights Organizational Buy-In
  8. 8. 8 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Veronika Tonry, President, Privacy Know How Execution Discovery, Documentation, and Analysis
  9. 9. 9 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 The key to a successful GDPR implementation
  10. 10. 10 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 • Adapt the discovery to your company culture • Intake Process – Do your homework before you interview the organization – Be clear around expectations and define the terminology – Have examples of processes ready – Develop a methodology to execute efficiently • Document to identify risks and make decisions – Identify high risk processing and evaluate impact – Classify your data: Individual information elements + combined data sets – Develop action plans from the analysis and findings Best Practices
  11. 11. 11 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Ray Everett, Principal Consultant, TRUSTe Next Steps Turn Findings into Action, Keeping a “Living” Inventory
  12. 12. 12 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 • Inventory should point to many action items – High risk data elements – Data repositories that need monitoring, controls, policies – Access and External Transfers that need monitoring, controls, policies – Vendors/Partners requiring contractual language, reviews/audits, controls • Maps should point to processes that need regular scrutiny – Gaps in controls, policies – Processes that need new/periodic PIAs – Maps should identify vendors who need periodic audits • Inventory and Maps should also – Support the case for resourcing – Identify your Privacy Committee members Translating the Data Inventory into Action
  13. 13. 13 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 • “Institutionalize” your Map with a Privacy Committee – People ignore documents, they can’t (always) ignore a recurring meeting  – Privacy Committee agenda driven by action items, PIA reviews and Data Inventory updates • Inventory Drives Initial & Recurring Actions – Define and build support for action items – Review progress and results with the Privacy Committee • Integrate Data Map updates into PIA for products/services/vendors – “Bottom-up” updates – Changes to flows may ripple across organization in unexpected ways • Define a Cadence for Review/Refreshment – “Top-down” updates – Keep all stakeholders informed of strategic changes, impacts to their business units “Map Your Team, Team Up on Mapping”
  14. 14. 14 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Questions?
  15. 15. 15 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 For more information on Data Inventory examples, schedule a consultation: https://www.truste.com/business-products/privacy-consulting/data-inventory- and-classification/contact-us/ Ray Everett reverett@truste.com Veronika Tonry veronika@privacyknowhow.com Guy Sereff guy.sereff@level3.com Contacts
  16. 16. 16 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Register now for the next webinar in our 2017 Winter/Spring Webinar Series on February 23 “Privacy Shield Self-Certification– What’s Next?” See http://www.truste.com/insightseries for the 2017 Privacy Insight Series and past webinar recordings. Thank You!

×