May 25, 2018 is almost knocking at our door, yet there's still time to summarize the main tools available to help Privacy Officers check the work they have done in carrying out the activities required to make their company - or their own work activities - compliant with the new General Data Protection Regulation (EU) 2016/679, better known as GDPR.
Those who missed our previous GDPR posts and insights should definitely start with the following articles:
- The free Security of Personal Data Processing Handbook by ENISA.
- The free Privacy and Data Protection for Mobile Devices Handbook, also by ENISA.
- The "La Protezione dei Dati è un diritto di Libertà" video released by the Italian Privacy Authority.
- Our very own How to deal with GDPR - Plan, Do, Check, Act guide, featuring a useful summary of the main IT and administrative aspects of the 2016/679 EU regulation and a checklist of things to do to adapt.
- The Privacy & Compliance category, containing all the GDPR-related posts, thoughts and analysis regarding key aspects such as: data mining, profiling, consent acceptance & more.
To these valuable contributions we would like to add the following resources, which will greatly help Privacy Officers check on their work and pinpoint what (if anything) is still to be done:
- Guide to the application of the European Regulation on Personal Data Protection by the Italian Data Protection Authority: halfway between a manual and an infographic, it's a rather useful document for focusing on the various areas of intervention and taking stock of the situation.
- Time’s Up! Ready or Not, Here Comes GDPR: a webinar by a series of (ISC)² professionals - Chuck Gaughf, Graham Jackson and Bruce Beam - which describes the main changes introduced by the legislation.
- GDPR Compliance - Don’t Let Your SIEM Be Your Downfall: another (ISC)² webinar, in which Adrian Davis (EMEA) and Matthias Maier (Product Director of the well-known Splunk software) help to focus on one of the main risks connected with the introduction of the GDPR: the possibility that the software used to collect the logs of our systems (SIEM, an acronym for Security Information and Event Management) is neglected by the Privacy Officer when compiling the register of processing activities and/or the Privacy Impact Assessment. Since a SIEM aggregates logs that typically contain personal data (usernames, IP addresses, e-mail addresses), it is itself a processing activity that has to be documented.
- Countdown to GDPR: Reduce your Risk: a great webcast by Darron Gibbard (Managing Director EMEA North) and Jonathan Armstrong (Cordery Partner) on the fundamental steps a Privacy Officer who does not want to be caught unprepared on May 25 should take: the main areas on which to concentrate their work, the company stakeholders to be involved, and other valuable tips to reduce the exposure of their organization.
- 5 steps to GDPR Compliance: a useful task list written and explained by Nitin Agale (Securonix) and Alex Rodrigues (Big Data International), which illustrates the main steps to be followed by companies wishing to comply with the new regulation.
- The GDPR Deadline Readiness and Impact to Global Organizations Outside the EU: a webcast in which Tim White, Director of Product Management at Qualys Inc., reflects on the main impacts of the GDPR on the activities of companies that operate (also) outside the European Union.
- GDPR Italia - Operatori e Consulenti: the main LinkedIn group for Italian privacy officers and professionals. Most of the advice in this article has been published there - by the writer or by other insiders.
- Prioritization of Vulnerabilities in a Modern IT Environment: a webinar by Josh Zelonis (Qualys, Inc.) and Jimmy Graham (Forrester, Inc.). Although not immediately connected to the GDPR, it is an extremely useful video that summarizes the steps you need to follow to protect your corporate IT environment and avoid becoming the subject of a Data Breach.
- The Wikipedia GDPR page, providing a useful summary of the main articles, topics covered and application scenarios of the new regulation.
All the webcasts and webinars listed above are accessible for free through the BrightTALK platform, which in recent years has become an essential training tool for anyone wishing to keep their IT skills up to date in a highly dynamic field like the current one.
We conclude the list by presenting a series of guides and documents published by some vendors selling IT Auditing, Data Protection and Security products and/or services. Although they are quality resources, we present them in a separate list because they are inevitably written with the intention of presenting the vendor's technology to the reader; it is therefore essential to read them while taking care to separate the general aspects from the commercial suggestions, which also holds for many of the webinars presented above.
- The Definitive GDPR Handbook for IT Compliance by ManageEngine
- Simple Guide to GDPR Data Protection by Virtru
PIA Software (by CNIL)
We couldn't end the list without mentioning the very interesting PIA Software project, an open-source application developed by the CNIL (Commission Nationale de l'Informatique et des Libertés) that allows the creation of the Privacy Impact Assessments connected to the various types of data processed. The software, distributed via the well-known GitHub platform, is available in two modes: a Portable Version with native builds for Windows, Linux and macOS, and a Web Version built around a back-end hosting a centralized database and an HTML5 front-end client that can be used with any browser.
The main difference between the two versions is that the former can be used in stand-alone mode, storing its PIAs on the local PC, while the latter - particularly suited to large companies - provides a centralized repository on a dedicated server built with Ruby on Rails and PostgreSQL (the back-end) and an HTML5 web client accessible from any browser (the front-end).
We found it particularly noteworthy that the Portable Version, while allowing PIAs to be stored in the local environment, can also be connected to the centralized back-end - provided you have installed it - and thus be used in client-server mode just like the Web Version.
That's it for now: we sincerely hope this article can help those who, like us, are called to coordinate this historic adjustment path for their company and/or those of their customers. Good work and ... good luck!