Dynamic Privacy Policies with DPOrganizer's Transparency Widget
Date: 12 February 2018
The GDPR (General Data Protection Regulation) is a complex beast at best, with some estimates as low as 15% of organisations being ready for May 25th. Questions and challenges are swirling around various board and meeting rooms regarding how to respond to subject access requests, how long to retain personal data and what legal basis exists for processing it...and that is just the tip of the iceberg.
Dusting off the Privacy Notice
Compliance with the regulation is said to be not just the right thing to do but also good for business. But how do data subjects know that you are complying, so that you can benefit from your good work?
The GDPR Transparency Widget
As a management overlay, DPOrganizer collates information about the types of personal data you process and collect; the data stores where you keep personal data; the applications which have access to those data stores and the permissions application users have; and any third-party processors, their processing instructions and locations. This is a very concise list of information which DPOrganizer can be fed, all of which is stored in a relational database, providing reporting and drill-down capabilities. Ultimately, by feeding DPOrganizer with your effective GDPR posture, you will be able to consume that information again in a clearer form.
The transparency widget expands on this principle by extending some of that stored information into the public realm by way of a dynamic lookup tool on your public website. With one simple drop-down menu, a visitor to your website is able to select which type of user they are (all defined by you) and view a mini report displaying:
- Personal data items collected.
- Sources of that personal data.
- Lawful basis for processing.
- Any third-parties that personal data is shared with and their processing activity.
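The lookup described above can be modelled as a query over a structured processing register: each record ties a data subject category to the data items, sources, lawful basis and recipients, while internal attributes (data store, application, user permissions) stay in the register for management reporting and never reach the public report. The following is an added example, not DPOrganizer's code; the record layout, field names and the register contents are assumptions constructed for illustration.

```python
"""Build a per-subject-category transparency report from a processing register.
Added example (not DPOrganizer's code): the record layout, field names and
the register below are constructed assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List

# The six lawful bases of GDPR Article 6(1); a record citing anything else is rejected
# at construction time, so an invalid basis can never appear in a public report.
LAWFUL_BASES = {
    "consent", "contract", "legal obligation",
    "vital interests", "public task", "legitimate interests",
}

# Only these headings may reach the public widget. Data store names, applications
# and permissions are kept for internal drill-down but are never exposed.
PUBLIC_FIELDS = ("data_items", "sources", "lawful_bases", "third_parties")


@dataclass
class ProcessingRecord:
    subject_category: str                      # the option the website visitor picks
    data_items: List[str]
    sources: List[str]
    lawful_basis: str
    third_parties: Dict[str, str] = field(default_factory=dict)  # recipient -> activity
    # internal-only attributes (assumed field names)
    data_store: str = ""
    application: str = ""
    permissions: List[str] = field(default_factory=list)

    def __post_init__(self):
        if self.lawful_basis not in LAWFUL_BASES:
            raise ValueError(f"unknown lawful basis: {self.lawful_basis!r}")


def transparency_report(register: List[ProcessingRecord], category: str) -> dict:
    """Aggregate every record for `category` into the four public headings."""
    matching = [r for r in register if r.subject_category == category]
    if not matching:
        # The drop-down is built from categories(), so this only fires on a
        # forged or stale request; fail closed rather than guess.
        raise KeyError(f"no processing recorded for category {category!r}")
    third: Dict[str, set] = {}
    for r in matching:
        for name, activity in r.third_parties.items():
            third.setdefault(name, set()).add(activity)
    report = {
        "data_items": sorted({i for r in matching for i in r.data_items}),
        "sources": sorted({s for r in matching for s in r.sources}),
        "lawful_bases": sorted({r.lawful_basis for r in matching}),
        "third_parties": {n: sorted(a) for n, a in sorted(third.items())},
    }
    # Guard against someone later adding an internal field to the report.
    assert set(report) == set(PUBLIC_FIELDS)
    return report


def categories(register: List[ProcessingRecord]) -> List[str]:
    """Options for the drop-down: only categories the controller has defined."""
    return sorted({r.subject_category for r in register})


# Constructed register for illustration; names are placeholders, not real processors.
REGISTER = [
    ProcessingRecord("Customer", ["name", "email", "postal address"], ["web order form"],
                     "contract", {"ShipCo (example)": "parcel delivery"},
                     data_store="orders-db", application="shop-backend",
                     permissions=["read", "write"]),
    ProcessingRecord("Customer", ["email"], ["web order form"], "legitimate interests",
                     {"MailVendor (example)": "transactional email"},
                     data_store="crm", application="crm-ui", permissions=["read"]),
    ProcessingRecord("Newsletter subscriber", ["email"], ["signup form"], "consent",
                     {"MailVendor (example)": "newsletter delivery"},
                     data_store="crm", application="crm-ui", permissions=["read"]),
]

if __name__ == "__main__":
    import json
    for c in categories(REGISTER):
        print(c)
        print(json.dumps(transparency_report(REGISTER, c), indent=2))
```

The point of the `PUBLIC_FIELDS` check is that the same register feeds both the internal management console and the public widget; keeping the public projection explicit means a new internal column (store name, permissions) cannot leak into the website by accident, and rejecting unknown lawful bases keeps the published notice consistent with the regulation's own list.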
Making GDPR Easier
It is often remarked that those who have been compliant with the Data Protection Directive 1995 should have no problem with becoming GDPR compliant. This is of course true, since a shorter leap is easier than a longer one; however, it oversimplifies the task. The GDPR is going to involve both technological and cultural change, which will be testing to even the most flexible of organisations. With DPOrganizer, those changes are not avoided, but the ability to spot where changes need to be made and the ongoing review of those implemented changes are easier to see and manage.
Whether you use the map view to plot controllers, databases, processors and third-parties; or you use the output report to gap-assess; or you use the DP manager feature to request department leaders, business leaders and regional managers to review their own exposure to the GDPR in the DPOrganizer management console, it is hard not to see the value in the solution.