Practical GDPR tips for any Data Protection Officer

A key requirement of GDPR is that organisations must now employ a data protection officer (DPO), who will have overall responsibility for ensuring GDPR compliance for that organisation.

It’s a highly demanding role, but luckily, with GDPR deadlines now looming very large indeed, there is no shortage of advice around on how best to manage GDPR compliance. However, much of this advice is theoretical and given by people who lack hands-on experience. What would be far more useful for a DPO is practical and specific advice, given by an expert in the field who is experienced in ensuring organisations stay on the right side of compliance requirements.

That’s why we have created our latest whitepaper 10 practical tips to ensure compliance for data protection officers. We want to offer smart, sensible and practical tips that will be genuinely helpful, especially when it comes to building and maintaining a link between the business owner and the organisation’s data.

We have worked on many GDPR compliance projects over the last 12 months and are currently finalising GDPR requirements for one of Europe’s leading medical service providers. So when it comes to practical measures to ensure compliance, there isn’t much that we don’t know. Feel free to pick our brains on all matters GDPR.

One of OXIAL’s GDPR experts will provide tangible and specific pointers on how best to approach GDPR compliance, NOT just high-level strategy. Here is an overview of some really key points:

  • Use pre-loaded models for your initial assessment program. This will be more accurate and give a more realistic idea about what is required.
  • Document all of your business processes that manipulate PI data structures. Processes are vitally important in GDPR and documenting them is critical for identifying risk in GDPR.
  • Supervise security measures deployment with alerts on delays. Your data will be hacked at some point, so a DPO must be ready, knowing what data is protected and being alerted to any security delays.
  • An over-arching goal must be to build links between the business owner and the organisation’s data. Any GDPR project is too large and too complex for IT to address without this link, and IT cannot identify PI information on its own.

DPOs have a tough role, and it did not end on 25 May 2018 either, as that’s really just the beginning of GDPR requirements. So DPOs need all the help they can get – drop us a line if you think you might need a hand with GDPR.

OXIAL’s New Generation GRC solutions are entirely built to address some of the greatest challenges impacting organisations that are faced with Risk Management, Internal Control and Compliance and Audit. OXIAL’s integrated GRC platform enables organisations to become more efficient and effective in mitigating risk by integrating and automating GRC processes on a global scale.

Featuring intuitive and powerful tools that make it possible to respond to fast-evolving risk environments, OXIAL makes it easy to synchronise corporate governance, enterprise risk management and corporate compliance activities and undertake real time monitoring across all business and IT processes and company assets. OXIAL operates globally across multiple industries and meets the needs of over 40 customers who have chosen OXIAL to drive business performance and achieve success.