IT Security/Processes and Systems
Identification and creation of Inventory of processing activities and systems
The Inventory of processing activities, also named Record of Processing Activities or RoPA, is the cornerstone of every privacy program. It is mandated by many global regulations, and it is the guiding star of your privacy efforts. If your company does not have one, we will help you create one by collecting the necessary information and structuring it into a useful tool. We can deliver it into any privacy technology you might have acquired.
Validation of Inventory of processing activities and systems
Often inventories fall out of date and do not represent the real processing taking place. We will help you validate your inventory, bring it up to date and propose process adjustments to ensure it is kept up to date.
Support on evaluation and remediation of Data Breaches
When a data incident or a data breach happen, there is a lot of information to be considered and little time to meet the Regulator’s expectations. Preparation is key: embed privacy into you Incident Response Plans, train your responders, rehearse the plan. We can help you with all of them. Poor response to Data Breaches, or even failure to identify whether it´s a notifiable data breach or just an incident not due to be reported, often leads to Regulator’s harsh action.
Review or proposal of Technical & Organizational Measures (“TOMs”)
Evil is in the details. TOMs can make or break the compliance of a process or data export and even make you lose the trust of prospective customers, if you haven´t implemented the necessary TOMs to protect your activities and systems. We will help you assess your measures and to ensure whatever residual risk is accepted by the law and you keep your accountability intact.
Assessment of Data Cybersecurity posture
Often TOMs become complex and very technical, considering details frequently require IT Security expertise. If you need such skills, we can be there to help you.