Under the GDPR, regulations have been implemented to ensure that privacy compliance is maintained when processing data within a company. This has been reflected through Article 32 and the importance of ‘technical and organisational measures’.
Technical and Organisational Measures
When processing data, individuals’ personal information may be at risk if it is not handled correctly. For this reason, it is also important for correct security measures to be implemented to protect the freedoms of these consumers. Article 32 directly addresses these concerns by introducing the security of processing. These implementations can be found in Data Protection Policies, Records of Processing Activities (RoPA), Data Protection Specialists and Data Protection Impact Assessments (DPIA).
We’ve summarised these below:
- Data Protection Policies: Policies such as privacy and data subject rights policies have been created by companies to make consumers aware of their rights and freedoms over their data. Other policies, such as Data Breach policies, are implemented to improve internal compliance within a company. A Data Breach policy ensures staff are aware of the correct measures to take in case there is a risk to the data subjects.
- RoPA: Amongst the vast amount of data going in and out of a company, it is important to keep a record of the processes. By keeping a regular log of active processes, new technology and data assets, compliance is maintained through an organised approach. This process focuses on each department within an organisation and can involve processes such as the contractual necessity of paying staff in HR or the requirement of implementing consent into the company site by the IT team.
- Data Protection Specialists: Article 37 of the GDPR (Designation of the Data Protection Officer) requires a DPO if the core activities involve processing of sensitive data on a large scale or involve regular and systematic monitoring of individuals. By assigning data protection specialists to these roles, compliance is maintained by having individuals allocated to oversee the day-to-day processes and data protection requirements.
- DPIA: A Data Protection Impact Assessment (DPIA) is an internal action to help organisations minimise the risk of projects and new data processes as companies seek to introduce and improve the services provided to their customers. The DPIA procedure is conducted by identifying the new process, assessing the necessity and proportionality of the process, assessing any possible risks, and then mitigating those risks. Establishing the DPIA action within an organisation allows room for growth in company processes and technology, with an action in place to ensure GDPR compliance.