Data Protection and Privacy (DP&P) System Description
Created by John Kyriazoglou
Overview
This system, the ‘Data Protection and Privacy Management System (DP&P System)’, consists of a methodology; 5 phases and 36 steps; numerous outcomes and 42 products; and over 99 detailed actions.
Objective
The objectives of this system are:
1. To enable and facilitate company leaders, managers and staff to better manage the enterprise’s personal data;
2. To mitigate the usual data protection and privacy risks of collecting and processing personal data; and
3. To comply effectively with the requirements of privacy regimes, such as the EU’s GDPR, Brazil’s LGPD, etc.
DP&P System: Phases, Products and Outcomes
*Phase 1: Data Protection and Privacy Preparation
Phase 1-DP&P Preparation: Process Steps
Step AP#1: Conduct Privacy Analysis
Step AP#2: Collect Privacy Laws
Step AP#3: Analyze Privacy Impact
Step AP#4: Perform Initial Data Audits and Assessments
Step AP#5: Establish Data Governance Organization
Step AP#6: Establish Data Flows and Personal Data Inventory
Step AP#7: Establish Data Protection and Privacy Program
Step AP#8: Craft DP&P Implementation Action Plans
Phase 1-DP&P Preparation: Products and Outcome
Product 1: Data protection and privacy analysis report (step 1);
Product 2: Privacy Laws Manual (step 2 and 3);
Product 3: Personal Data Audit Report (step 4);
Product 4: Data Flows System (step 6);
Product 5: Personal Data Inventory (step 6);
Product 6: Data Protection Policy (step 6);
Product 7: Privacy Training Plan (step 7);
Product 8: Data Protection and Privacy Program (step 7);
Product 9: Data Protection and Privacy Organization Report and Budget (steps 1 to 8); and
Product 10: DP&P Implementation Action Plans (steps 1 to 8).
The outcome of Phase 1 is to prepare your enterprise (board, management and staff) to deal more effectively with data protection and privacy risks, and to manage and resolve them better, so that the impact on the company’s operations, brand name and profits is minimized as much as possible.
*Phase 2: Data Protection and Privacy Organization
Phase 2-DP&P Organization: Process Steps
Step OS#1: Maintain Data Privacy Program, Policy and Governance Controls
Step OS#2: Assign and maintain Data Protection and Privacy responsibility
Step OS#3: Maintain Senior Management engagement in Data Protection and Privacy
Step OS#4: Maintain Data Protection and Privacy Commitment
Step OS#5: Maintain regular communication for Data Protection and Privacy issues
Step OS#6: Maintain stakeholder engagement in Data Protection and Privacy matters
Step OS#7: Implement and Operate the Data Protection and Privacy Computerized System
Phase 2-DP&P Organization: Products and Outcome
Product 1: Updated data protection and privacy strategy (step 1);
Product 2: Updated data protection and privacy program (step 1);
Product 3: Data Governance Controls (step 1);
Product 4: Announcement of the appointment of the Data Protection or Privacy Officer (step 2);
Product 5: Communications related to data protection and privacy (step 3, 4, 5 and 6);
Product 6: Data protection and privacy network (step 4);
Product 7: Data protection and privacy role in job descriptions (step 4);
Product 8: Updated Privacy Awareness, Communication and Training Plan (step 5); and
Product 8: Data protection and privacy computerized system (step 7).
The outcome of Phase 2 is to establish the data protection and privacy organizational structures for better data protection and privacy implementation.
*Phase 3: Data Protection and Privacy Development and Implementation
Phase 3-DP&P Implementation: Process Steps
Step DI#1: Develop and implement Data Protection and Privacy Strategies, Plans and Policies
Step DI#2: Implement Approval Procedure for Processing Personal Data
Step DI#3: Register Databases of Personal Data
Step DI#4: Develop and Implement a Cross-Border Data Transfer System
Step DI#5: Execute DP&P integration activities
Step DI#6: Execute DP&P training plan
Step DI#7: Implement Data Security controls
Phase 3-DP&P Implementation: Products and Outcome
Product 1: Personal Data Classification System (step 1);
Product 2: Procedure for Approving the Processing of Personal Data (step 2);
Product 3: Personal Data Bases Registration document (step 3);
Product 4: Step DI#4: Develop and Implement a Cross-Border Data Transfer System (step 4);
Product 5: Executed DP&P integration activities (step 5);
Product 6: Executed DP&P training activities (step 6); and
Product 7: Implemented Data Security controls (step 7).
The outcome of Phase 3 is to develop and implement a set of data protection and privacy measures to govern personal data more effectively for your enterprise.
*Phase 4: Data Protection and Privacy Governance
Phase 4-DP&P Governance: Process Steps
Step GR#1: Implement Practices for Managing the uses of data
Step GR#2: Maintain Data Privacy Notices
Step GR#3: Execute a Requests, Complaints and Rectification Plan
Step GR#4: Execute a Data Protection Risk Assessment
Step GR#5: Issue Data Protection and Privacy Reports
Step GR#6: Maintain Data Privacy Documentation
Step GR#7: Establish and Maintain a Data Privacy Breach Response Plan
Phase 4-DP&P Governance: Products and Outcome
Product 1: Updated data protection and privacy strategy (step 1);
Product 2: Data protection policy (step 1);
Product 3: Procedure for Maintaining Data Privacy Notices (step 2);
Product 4: Requests, Complaints and Rectification Plan (step 3);
Product 5: Data Protection Risk Assessment Process (step 4);
Product 6: Third-Party Risks Management Plan (step 4);
Product 7: Data Protection and Privacy Report (step 5);
Product 8: Data Privacy Documentation (step 6); and
Product 9: Data Privacy Breach Response Plan (step 7).
The outcome of Phase 4 is to establish the data protection and privacy governance structures for better data protection and privacy management.
*Phase 5: Data Protection and Privacy Evaluation and Improvement
Phase 5-DP&P Improvement: Process Steps
Step RI#1: Perform Internal Audits of Data Protection and Privacy
Step RI#2: Engage an external party to perform Data Protection and Privacy assessments
Step RI#3: Perform privacy assessments and benchmarks
Step RI#4: Execute Data Protection Impact Assessments
Step RI#5: Resolve Data Protection and Privacy (DP&P) Risks
Step RI#6: Report DP&P Risk Analysis and Results
Step RI#7: Monitor Data Privacy Laws and Regulations
Phase 5-DP&P Improvement: Products and Outcome
Product 1: Data protection and privacy internal audit report (step 1);
Product 2: Data protection and privacy external audit report (step 2);
Product 3: Ad-hoc privacy assessment report (step 3);
Product 4: Privacy self-assessment report (step 3);
Product 5: Privacy benchmark report (step 3);
Product 6: Data Protection Impact Assessment report (step 4);
Product 7: Data Protection and Privacy Resolved Risks report (step 5);
Product 8: DP&P Risk Analysis and Results report (step 6); and
Product 9: Monitoring Privacy Laws Report (step 7).
The outcome of Phase 5 is to audit the data protection and privacy aspects of your enterprise so that you find the gaps and errors in the implemented data protection and privacy measures and controls, and schedule actions to improve them.