Tuesday, November 30, 2021

 

LGPD Processing Records Tool

By John Kyriazoglou

Overview

This template available at: https://flevy.com/browse/marketplace/lgpd-processing-records-tool-5983) may be used to record the personal data processing operations of any enterprise in order to comply with the requirements of LGPD (Brazil’s new data protection law).

Personal data usually exist in business functions, processes, IT systems, digital media, CCTV systems, etc.

LGPD does not specify the contents of the processing records of personal data. This tool is based on GDPR, as LGPD is very similar to this regime and on the principles of processing in LGPD.

It is designed to comply with the general requirements of LGPD (Brazil’s Data Protection Regulation, Articles: 3, 6 to 9, 12, 14, 38, 39, 46, 47, 49).

It contains 8 parts (sheets)

Contents

Sheet 1. ‘Read me’: Introduction and related information about using this tool.

Sheet 2. LGPD PD Inventory Template: A list of over 31 fields (e.g., Purpose of Processing, Type of Processing, Type of data, ‘Who’ can access personal data, Processor, Legal Basis of Processing, etc.) with explanatory remarks on how to complete them in order to create the company’s processing records.

Sheet 3. LGPD PD Inventory Example: A completed real example of the fields of the template (e.g., Purpose of Processing, Type of Processing, Type of data, Processor, Legal Basis of Processing, etc.) for a process of a business function (Managing HR Personnel files, in the Human Resources Department).

Sheet 4. Corporate Data: The full details (e.g., name, address, e-mail, telephone) of the controller, the DPO and the processors used by the company.

Sheet 5. Compliance Measures: A list of LGPD Compliance Security and Privacy Measures, such as: Privacy Laws Manual; LGPD Compliance Manager; Gap Analysis; Privacy Training Plan; Personal Data Breach Controls; Encryption Policy; IT Disaster Plan, etc.

Sheet 6. Terms: A description of several LGPD Terms related to this tool (e.g., personal data, sensitive data, etc.).

Sheet 7. Resources: A list of references containing a detail description of all LGPD articles in both English and Portuguese and a set of books to support LGPD Compliance activities.

Sheet 8. PD Examples: A list of over 36 Personal Data Examples, such as: First and last names, Personal Address, Personal e-mail address; Personal identification numbers (PIN) or passwords; Personal telephone number; Photograph or video identifiable to a natural person, etc.

 

Hope this email finds you well. We have just reviewed your product: LGPD Processing Records Tool. Your document is now live on the Flevy Marketplace!

https://flevy.com/browse/marketplace/lgpd-processing-records-tool-5983

 

 

 

Data Protection and Privacy (DP&P) System Description

 

Created by John Kyriazoglou

 

Overview

 

This system ‘Data Protection and Privacy Management System (DP&P System)’ consists of a methodology; 5 phases and 36 steps; numerous outcomes and 42 products; and over 99 detail actions.

 

Objective

 

The objectives of this system are:

1. To enable and facilitate company leaders, managers and staff, to manage better the enterprise’s personal data;

2. To mitigate the usual data protection and privacy risks of collecting and processing personal data; and

3. Comply effectively with the requirements of privacy regimes, such as: EU’s GDPR, Brazil’s LGPD, etc.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DP&P System: Phases, Products and Outcomes

 

 

*Phase 1: Data Protection and Privacy Preparation

 

Phase 1-DP&P Preparation: Process Steps

Step AP# 1: Conduct Privacy Analysis

Step AP# 2: Collect Privacy Laws

Step AP# 3: Analyze Privacy Impact

Step AP# 4: Perform Initial Data Audits and Assessments

Step AP# 5: Establish Data Governance Organization

Step AP# 6: Establish Data Flows and Personal Data Inventory

Step AP# 7: Establish Data Protection and Privacy Program

Step AP# 8: Craft DP& P Implementation Action Plans

 

Phase 1-DP&P Preparation: Products and Outcome

Product 1: Data protection and privacy analysis report (step 1);

Product 2: Privacy Laws Manual (step 2 and 3);

Product 3: Personal Data Audit Report (step 4);

Product 4: Data Flows System (step 6);

Product 5: Personal Data Inventory (step 6);

Product 6: Data Protection Policy (step 6);

Product 7: Privacy Training Plan (step 7);

Product 8: Data Protection and Privacy Program (step 7); 

Product 9: Data Protection and Privacy Organization Report and Budget (steps 1 to 8); and

Product 10: DP& P Implementation Action Plans (steps 1 to 8)

 

The outcome of Phase 1 is to prepare your enterprise (board, management and staff) to be more effective in dealing with the data protection and privacy risks and in managing and resolving these better so that the impact to the company’s operations, brand-name and profits are minimized as much as possible.

 

 

 

*Phase 2: Data Protection and Privacy Organization

 

Phase 2-DP&P Organization: Process Steps

Step OS#1: Maintain Data Privacy Program, Policy and Governance Controls

Step OS#2: Assign and maintain Data Protection and Privacy responsibility

Step OS#3: Maintain Senior Management engagement in Data Protection and Privacy

Step OS#4: Maintain Data Protection and Privacy Commitment

Step OS#5: Maintain regular communication for Data Protection and Privacy issues

Step OS#6: Maintain stakeholder engagement in Data Protection and Privacy matters

Step OS#7: Implement and Operate the Data Protection and Privacy Computerized System.

 

Phase 2-DP&P Organization: Products and Outcome

Product 1: Updated data protection and privacy strategy (step 1);

Product 2: Updated data protection and privacy program (step 1);

Product 3: Data Governance Controls (step 1);

Product 4: Announcement of the appointment of the Data Protection or Privacy Officer (step 2);

Product 5: Communications related to data protection and privacy (step 3, 4, 5 and 6);

Product 6: Data protection and privacy network (step 4);

Product 7: Data protection and privacy role in job descriptions (step 4);

Product 8: Updated Privacy Awareness, Communication and Training Plan (step 5); and

Product 8: Data protection and privacy computerized system (step 7);

 

The outcome of Phase 2 is to establish the data protection and privacy organizational structures for better data protection and privacy implementation.

 

*Phase 3: Data Protection and Privacy Development and Implementation

Phase 3-DP&P Implementation: Process Steps

Step DI#1: Develop and implement Data Protection and Privacy Strategies, Plans and Policies

Step DI#2: Implement Approval Procedure for Processing Personal Data

Step DI#3: Register Databases of Personal Data

Step DI#4: Develop and Implement a Cross-Border Data Transfer System

Step DI#5: Execute DP &P integration activities

Step DI#6: Execute DP &P training plan

Step DI#7: Implement Data Security controls

 

Phase 3-DP&P Implementation: Products and Outcome

Product 1: Personal Data Classification System (step 1);

Product 2: Procedure for Approving the Processing of Personal Data (step 2);

Product 3: Personal Data Bases Registration document (step 3);

Product 4: Step DI#4: Develop and Implement a Cross-Border Data Transfer System (step 4);

Product 5: Executed DP&P integration activities (step 5);

Product 6: Executed DP &P training activities (step 6); and

Product 7: Implemented Data Security controls (step 7);

 

The outcome of Phase 3 is to develop and implement a set of data protection and privacy measures to govern personal data more effectively for your enterprise.

 

 

 

 

 

 

 

 

 

*Phase 4: Data Protection and Privacy Governance

 

Phase 4-DP&P Governance: Process Steps

Step GR#1: Implement Practices for Managing the uses of data

Step GR#2: Maintain Data Privacy Notices

Step GR#3: Execute a Requests, Complaints and Rectification Plan

Step GR#4: Execute a Data Protection Risk Assessment

Step GR#5: Issue Data Protection and Privacy Reports

Step GR#6: Maintain Data Privacy Documentation

Step GR#7: Establish and Maintain a Data Privacy Breach Response Plan

 

Phase 4-DP&P Governance: Products and Outcome

Product 1: Updated data protection and privacy strategy (step 1);

Product 2: Data protection policy (step 1);

Product 3: Procedure for Maintaining Data Privacy Notices (step 2);

Product 4: Requests, Complaints and Rectification Plan (step 3);

Product 5: Data Protection Risk Assessment Process (step 4);

Product 6: Third-Party Risks Management Plan (step 4);

Product 7: Data Protection and Privacy Report (step 5);

Product 8: Data Privacy Documentation (step 6); and

Product 9: Data Privacy Breach Response Plan (step 7);

 

 

The outcome of Phase 4 is to establish the data protection and privacy governance structures for better data protection and privacy management.

 

 

 

 

 

 

 

 

*Phase 5: Data Protection and Privacy Evaluation and Improvement

 

Phase 5-DP&P Improvement: Process Steps

Step RI#1: Perform Internal Audits of Data Protection and Privacy

Step RI#2: Engage an external party to perform Data Protection and Privacy assessments

Step RI#3: Perform privacy assessments and benchmarks

Step RI#4: Execute Data Protection Impact Assessments

Step RI#5: Resolve Data Protection and Privacy (DP&P) Risks

Step RI#6: Report DP&P Risk Analysis and Results

Step RI#7: Monitor Data Privacy Laws and Regulations

 

Phase 5- DP&P Improvement: Products and Outcome

Product 1: Data protection and privacy internal audit report (step 1);

Product 2: Data protection and privacy eternal audit report (step 2);

Product 3: Ad-hoc privacy assessment report (step 3);

Product 4: Privacy self-assessment report (step 3);

Product 5: Privacy benchmark report (step 3);

Product 6: Data Protection Impact Assessment report (step 4);

Product 7: Data Protection and Privacy Resolved Risks report (step 5);

Product 8: DP&P Risk Analysis and Results report (step 6); and

Product 9: Monitoring Privacy Laws Report (step 7);

 

The outcome of Phase 5 is to audit the data protection and privacy aspects of your enterprise so that you find the gaps and errors in implemented measures and controls related to data protection and privacy and schedule actions to improve them.

 

 

 

 

 

 

 

 

 

BIBLIOGRAPHY

 

Books by John Kyriazoglou

1. DATA PROTECTION AND PRIVACY MANAGEMENT SYSTEM DATA PROTECTION AND PRIVACY GUIDE – VOL I

http://bookboon.com/en/data-protection-and-privacy-management-system-ebook

 

2. DP&P STRATEGIES, POLICIES AND PLANS DATA PROTECTION AND PRIVACY GUIDE – VOL II

http://bookboon.com/en/dpp-strategies-policies-and-plans-ebook

 

3. DATA PROTECTION IMPACT ASSESSMENT DATA PROTECTION AND PRIVACY GUIDE – VOL III

http://bookboon.com/en/data-protection-impact-assessment-ebook

 

4. DATA PROTECTION SPECIALIZED CONTROLS DATA PROTECTION AND PRIVACY GUIDE – VOL IV

http://bookboon.com/en/data-protection-specialized-controls-ebook

 

5. SECURITY AND DATA PRIVACY AUDIT QUESTIONNAIRES DATA PROTECTION AND PRIVACY GUIDE – VOL V

http://bookboon.com/en/security-and-data-privacy-audit-questionnaires-ebook

 

6. Sistema de gestão privacidade e proteção de dados:

Guia de Privacidade e Proteção de Dados – Vol I

https://bookboon.com/pt/sistema-de-gestao-privacidade-e-protecao-de-dados-ebook

Tuesday, August 31, 2021

IT Glossary

 

Overview: This glossary contains over 500 every-day terms that are specific to IT systems and Data Protection (GDPR). Each term includes a clear, practical and concise definition or description.

 

Terms relate to IT functions, applications, data center operations, operating systems, data bases, networking and GDPR (EU General Data Protection Regulation).

 

This book is designed to be used by everyone from the novice seeking the most basic information on IT to the professional IT development and operations personnel, Privacy Officers, IT Auditors and IT Consultants, etc.

 

With more than 95 pages, this glossary is a practical tool for all IT managers, developers, support staff, IT auditors and users of IT systems.

 

 

This is a fee resource, based on various sources and the author’s extensive IT Management, IT Auditing and IT Consulting experience.

 

This book is also complemented by the methodologies, practices, policies, procedures and controls contained in the various books specified in the ‘Additional Resources’ section at the end of each chapter and the books listed in the Bibliography part at the end of this book.

 

 

 

 

Table of Contents

 

Summary of Contents

Chapter 1: ‘A’ Terms

Chapter 2: ‘B’ Terms

Chapter 3: ‘C’ Terms

Chapter 4: ‘D’ Terms

Chapter 5: ‘E’ Terms

Chapter 6: ‘F’, ‘G’ and ‘H’ Terms

Chapter 7: ‘I’, ‘J’, ‘K’ and ‘L’ Terms

Chapter 8: ‘M’, ‘N’ and ‘O’ Terms

Chapter 9: ‘P’ Terms

Chapter 10: ‘Q’, ‘R’ and ‘S’ Terms

Chapter 11: ‘T’ and ‘U’ Terms

Chapter 12: ‘V’, ‘W’, ‘X’, ‘Y’ and ‘Z’ Terms

Appendix 1. GDPR Terms

Bibliography

About the Author

 

For full details, see: https://www.researchgate.net/publication/354248857_IT_GLOSSARY

 

 

 

 

 

Tuesday, February 9, 2021

Poetry to iprove your life

 

Poetry to improve your life

 

I am glad to announce the publication of my new book with the title: ‘The Melina Anthology: Poems from the Heart and Soul’.

 

This book includes over 100 inspiring poems complemented by numerous Ancient Greek Quotations on connecting with the divine, loving and supporting your family members, improving your personal relationships with your friends and others, supporting your community and sustaining nature.

It also contains methods to assist you in making full use of these poems, such as: A Visualization Process, a set of NLP Techniques and a Personal Wellness Improvement Plan.

 

This is available at:

https://www.amazon.com/dp/B08W4WWWSR?ref_=pe_3052080_397514860

 

In closing, you may also consider the following thoughts of mine on a variety of topics, expressed in 3-line verses, instead of other remarks.

 

1. Melina

I love your blue-green eyes

Your beautiful divine eyes love me

My eternal happiness is fulfilled.

 

2. Friendship                      

Two lonely bereft souls with ancient wisdom

Come finally closer and closer once more

With kindness, love, goodness and harmony.

 

3. Love

Love is a divine idea

But if she does not dwell in our hearts

We will never experience its harmony.

 

4. Light

Light, divine, omnipotent and eternal

Travels at the absolute speed in the supreme universe

Giving us full energy, wellness and health

 

            

5. Nature

When bees die in massive numbers

All nature will be destroyed without return

Extinguishing our lives eventually.

 

6. Homeland

Earth, the only homeland

It is not mine, nor yours

It belongs to all of us together

 

7. War

The winds of war are raging

Opponents' flags flutter with momentum

Bringing doom, chaos and destruction.

 

8. Olympic Games

Flower wreaths crown the best

From all planetary lengths and latitudes

But poverty still remains very-very high.

 

9. Civilization

With cement, steel and bricks

Villages became giant cities without humanity

Making us prisoners without joy

 

10. Virtues

Faith and justice bring hope

But only love, kindness, honesty and friendliness

Calm the terrible storms of our life

 

11. Harmony

Infinity glorifies eternity

The state of zero the final split of the atom

Completing together the Divine harmony

 

12. Happiness

Arrogant souls hunt for more wealth

Adding huge profits to some people and thousands of companies

But no one has ever found full happiness.

 

13. Material goods

Material goods are ever-present and omnipotent

Bringing us a better life with conveniences, difficulties but also flexibility

But they do not pacify our souls or make them happy.

 

Thank you for your support and consideration.

 

Kind Regards.

 

John Kyriazoglou

 

jkyriazoglou@hotmail.com