If you’re a DPO or Privacy Professional, you’ll probably know that executing DPIA’s (Data Protection Impact Assessments) is a crucial part of Data Protection.
We’ve noticed that many organisations are faced with a lot of challenges when it comes to completing DPIA’s. Some are putting tremendous efforts into DPIA executions, leading to a very time-consuming process and DPIA backlog. Others put too little effort into the DPIA’s, resulting in low-quality and incorrect results.
How can you drastically reduce the cost, overall effort and lead time of your DPIA’s – while increasing the quality and process efficiency?
Well, following our 5 principles below will definitely help you to achieve that.
#1: Analyse your struggles
The struggles we often see today in executing DPIA’s are a lack of knowledge, resources, information and data. Questions being asked in the DPIA where no one has an answer on is one of the many pain points organisations are facing.
Another challenge we face includes tremendous efforts for executing DPIA’s as a result of a scattered approach, leading to a time-consuming process. A ‘document-heavy’ approach is a surprisingly common tactic amongst many organisations but can quickly grow unwieldy into a large amount of DPIA’s with lack of oversight and therefore being hard to follow-up.
So what is going wrong? Where are the gaps in my processes? Where can I find all my data? What are my strengths and weaknesses? Analysing the gaps, defining the threats and opportunities is a first step towards compliance.
#2: Finetune your existing DPIA efforts
Analysing the existing documents, processes, tool, etc. and identifying what can be leveraged from e.g. data governance, business process management, CMDB and existing Data Protection efforts is crucial in the setup of Smart Compliance.
Don’t throw away what you have already achieved!
By building on existing documents and information, we can introduce time savings and increase the buy-in – while avoiding a radical change of executing DPIA’s in your organisation.
#3: Integrate with Data Governance
80% of your data already exists within your organisation and
50% is available within your data governance solution
With this statement, we emphasize the importance of integrating with Data Governance. Reusing data already available within your organisation is key in streamlining and automating your DPIA’s. We can reuse the Collibra environment – not only because of its flexibility, but because of the vast ability to reuse the existing metadata as input to the DPIA. With this in mind, Collibra is not only a system of record for metadata but can also become a system of record for Data Protection and Privacy.
Being a system of record for Data Protection and Privacy, Collibra can support the DPIA process by building a ‘pulldown’ list of processes found within the organisation. This means 2 things:
- It takes seconds to find the right process information required for the DPIA
- It prevents duplicated process information or misspelt process data from being entered
Benefit from the core Collibra functionalities – with the possibility to re-use information that is already available and documented in the Register of Processing Activities – processing activities, data classification, data lineage, data flows, data transfers,… could all be already available in your data governance solution and can therefore be leveraged to the maximum.
How to reuse your Data Governance information for your Register and DPIA.
#4: Introduce Smart Compliance
Smart Compliance refers to a novel set of solutions that enable your organization to become and stay compliant on autopilot while ensuring higher-quality results and less risk.
By combining your existing data footprint with technologies such as Robotic Process Automation (RPA) and smart Legal Engineering, we help you to automate time-consuming compliance processes and activities.
How can Data Trust Associates do this?
With the DPIA Risk Automation Solution, as part of #SmartCompliance, we have automated the risk and mitigation process.
Our proven DPIA templates allow your DPIA questions to be customized and linked to pre-defined answers (for about 80% of the questions).
Based upon these pre-defined answers, the according risks and mitigations can automatically be derived which provides the user with an immediate 80% completion of both the inherent risks, mitigations and residual risks.
80% Risk completion reduces our DPIA effort from days to a couple of hours.
#5: Introduce a community of Privacy Ambassadors
‘Automation’ and ‘User-Friendliness’ are two terms that will bring music to the ears of your stakeholders.
After all – nobody likes spending a lot of time at repetitive tasks while there’s a pile of work waiting…
Ultimately, it comes down to making the process as user-friendly as possible for the business and add automation to reduce DPIA lead times by increasing efficiency.
Change Management will play a crucial role in implementing and maintaining Data Protection processes.
Our DPIA risk automation solution creates the basis to start from. But someone, “the Privacy Ambassador”, should still fill the gap between the Business and Data Protection requirements.
A Privacy Ambassador is aware of the day-to-day activities and projects of his/her department and has knowledge of the Data Protection regulations and processes.
In successful organizations, a Privacy Ambassadors community, established and recognised within the organisation, serves as the extension of your DPO and Data Protection team and plays a crucial role of bringing awareness and compliance to the organisation.
Focus on the core, outsource the rest
Feeling overwhelmed by the workload?
Want to free up time for more meaningful work?
Looking for a fit-for-use solution?
At Data Trust Associates, we have extensive experience in helping clients from different industries to execute and automate DPIA’s as well as many other Data Protection processes.
We’re happy to discuss and see how we can help you reduce your Data Protection workload.