
  • Organisational & technical security measures to protect and safeguard privacy

Now the focus is shifting to the implementation of controls, and a good understanding of which security measures to choose is needed.

  • Data Privacy Impact Assessment (DPIA) methodology & processes, DPIA templates

In order to be able to systematically make mature impact assessments and risk-based decisions, a formalised approach needs to be synthesised into a methodology accompanied by appropriate collection mechanisms. Because Data Privacy is here to stay.

  • ICT Data processing Register templates
  • ICT Data processing register processes

In order to enable a systematic approach to taking inventory of relevant processing, a formalised process with a corresponding template is most useful.

  • User consent processes

To be able to offer a similar and relevant mechanism to obtain consent from so-called Users, including personnel, a formalised approach condensed into processes is most useful.

  • Data Access Management Processes (Data portability, data access, data deletion)

Again, it is all about making things explicit along a large set of dimensions. And please do not forget to apply relevant Information security controls.

  • Data Transfer outside EU procedure

In case your organisation is involved in either one-time or recurrent Privacy Data transfers outside the EU, please cater for a specific procedure.

  • Data breach notification processes & mechanism

Unless your organisation is disconnected forever, such processes and mechanisms need to be implemented and verified with the relevant National Authority.

  • Information Security Risk Management methodology

After the challenge of implementing GDPR, more organisations will have come to understand the need to bring the organisation to a more mature level of ISM, and will want to formalise their approach into a methodology.

  • Information Risk Assessment

The ISM methodology will want to make use of a more formal approach to assess IR.