Data Protection Officer :: Organisation FAQ

Home

About Us

Contact Us

FAQ

Sitemap

Organisation FAQ


	How do I get started with data protection for my business? Our services are designed to help small to medium businesses in getting started with their Data Protection compliance obligation. We can help you to set the right framework for your organisation to operate in as well as support your operation in achieving compliance. The first step ought to be an assessment of your organisation in order to determine the level of compliance you require based on what you do. To book an assessment please email info@dataprotectionofficer.com Defining your business purpose Registration of your business purpose with the ICO Defining your privacy policies and procedures Privacy impact assessment
	Am a small business, how do I manage my data protection obligations myself The first step ought to be an assessment of your organisation in order to determine the level of compliance you require based on what you do. To book an assessment please email info@dataprotectionofficer.com Defining your business purpose Registration of your business purpose with the ICO Defining your privacy policies and procedures Privacy impact assessment
	How do I distribute my privacy policies to my business units and suppliers After you have registered your business purposes with the ICO and established your privacy polices, we can assist you in creating your organisational chart, detailing all your business units and suppliers as well as they key points of contact. Your Privacy unit or Data Protection officer will then be able to issue policy and once loaded all business units and suppliers are automatically alerted of the new policies or procedures Request software
	What are my Information Assets? Information assets depend on what your organisation considers to be an information asset. Some organisations consider key information classes as information assets whilst others consider projects as information assets. Regardless what you determine as an Information asset, we can assist you in putting the register together for you to manage. We can assist you to compile your information asset register; the project will create your first 10 information assets per business unit and hand over to your organisation to maintain. Our solution will allow you to carry out your Privacy Risk Assessment (PIA) and information security risk assessment. Example of an Information Asset Register Information Asset Form Privacy Impact Assessment Form
	With whom do I share my information assets Your Information Assets can often be shared with 3rd parties, the request to share the information assets with 3rd parties can often originate from business units. Our services include Create your information asset register How we create your Information asset register Information asset list Editing an information asset
	How do I manage my Information sharing agreement Information sharing agreement is required when you share your information assets with suppliers. Our Privacy Management tool allows you to map all you information assets with the suppliers with whom you share them with. The tool also allows you to create a mapping Create Information Sharing Agreement
	What is the minimum information security policy I should have in place You organisation needs to have minimum information security policy in place in order to be able to address the various risks that emerge from IT systems. Our approach to minimum information security policy is to design and automate the enforcement thereby enabling your organisation a level of assurance in relation to compliance. We seek to enable automated compliance using your incumbent technology and business processes. For example, if your organisation builds systems (servers or Desktops), we enable the minimum security enforcement at build therefore all systems built after the approved will automatically have the security enabled by default. For more information please email info@dataprotectionofficer.com Request Information Security Policy Overview of minimum information security policy
	How do I implement Privacy impact assessments Privacy impact assessment is required for all your projects and business changes. The aim is to assess your business projects or business changes and ensure your organisation’s privacy policies are enabled. Where there are risks, the aim is that the PIA will produce such a report and allow the project sponsor and Privacy team to come to a mutually beneficial agreement. Risks that can not be mitigated will be listed on the risk register. PIA form Link to overview Link to risk register
	How do I build my Information Asset Register Example of an Information Asset Register Information Asset Form Privacy Impact Assessment Form
	How I do implement data protection training and awareness programme Link to Suppliers
	What is Data leakage Prevention or Data Loss Prevention Data Loss Prevention (DLP) refers to systems that identify, monitor, and protect data in use, for example on laptops endpoint, data in motion for example wireless communications, ingress and egress transmissions, Bluetooth and stationary data for example data storage. It also includes network level devices like deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.), equipped with a centralized management framework often managed by a Security Operations Centre. Our services can source the right system to assist you to detect and prevent the unauthorized use and transmission of confidential information to and from you IT systems. The DLP forms part of our automated minimum security policy Our services include Development of your minimum information security policies Create an implementation strategy Source the appropriate tools that are compatible with your systems Provide support and assistance in the ongoing maintenance

Copyright @ Data Protection Officer 2011.