Meeting the demand for privacy management tools, GDPR tech solutions are on the rise
The International Association of Privacy Professionals (IAPP) and EY Governance Report 2017 has now been published.
This third annual study of GDPR governance in organizations, surveying modern operations about the present and future of the profession, reflects significant changes in programs globally in response to the
The growing importance organisations are placing on technology solutions is clear.
“Perhaps the biggest takeaway from this year’s survey, however, is the role that technology is now playing in management. The second most popular tool for GDPR preparation is investing in technology: 55 percent of respondents plan to make such investments, compared to just 29 percent last year. Among team duties, the use of -enhancing software rose to 31 percent of respondents from 24 percent in 2016.”
The report shows that technology held the largest budget share with 33% of total budgets being allocated, greater than outside counsel or consultants.
Risk-focused privacy management
GDPR regulators, such as the UK’s ICO, have been making it clear that GDPR signifies a move away from simple tick-box compliance to one of being able to demonstrate an understanding of risks and mitigate against them. The survey reveals the shift towards a risk-focused approach is taking place…
We can also see that Tech and EU firms are the most likely to be risk-focused in their functions. Good risk management software tools that offer an end-to-end approach for identifying, evaluating, managing and evidencing present a good technology solution for this approach.
External Audits and Certifications
Whilst there is no external certification one can achieve for GDPR, there is a requirement for policies and procedures to undergo regular audits. This, together with the move towards the ‘risk-based approach’ to GDPR, could be one of the reasons that certification is on the increase.
In terms of external audits and certifications, ISO 27001 certification was the most commonly held in 2016 (39%) and has increased to 50% in 2017. In unregulated firms, it was much greater, at 60%.
The survey results also showed a significant move towards as an expectation for vendors. It was up from 39% in 2016 to 50% in 2017, demonstrating organisations are increasingly seeking the assurances an external certification can give.
Managing audit programmes and the wider Information Security Management System (ISMS) is another significant area where technology offers solutions.
GDPR Technology Solutions
With management and compliance becoming more complex and more onerous, it is little wonder the requirement for technology solutions is on the increase. However, as the full report shows, Privacy Professionals are now working alongside their Information Security counterparts, together with Legal, HR and Compliance teams, to ensure and information security risks are minimised and GDPR compliance can be demonstrated.
Traditionally, technology solutions have been disparate in the requirements they satisfy. For example, risk management tools may require alternative solutions to policy management, staff communications and policy governance. Add to this the newer GDPR requirements of managing access requests or DPIAs, and we can see how multiple vendor contracts, higher costs and management overhead, and a non-‘joined-up’ approach would be a disadvantage.
Until now there have been few affordable solutions offering the integrated approach. ISMS.online is a UK-hosted, certified solution that enables Privacy and Information Security work to take place in one integrated environment using:
Frameworks for GDPR policy management and governance mapped to an ISO 27001 framework where required
Actionable policies and controls
Team working with full collaboration functionality
Internal and external audit management
Staff communications & engagement
Supply chain/vendor management
Managing Privacy and Information Security in one online solution allows you easily to describe and demonstrate compliance whilst reducing management time and costs.