
Privacy Perspectives | The IAPP's new DPO Report Template


Last month a question was posed on the Privacy List: "Does anyone have a template of an annual [or quarterly or any similar] DPO report to management that they would be kind enough to share?" The question generated dozens of responses that went something like, "Yeah, I'd like to see that too!," and some others offering information on what one would include in such a report.

The IAPP's content and research teams noticed the overwhelming response and have created the DPO Report Template — a slide deck that aims to help data protection officers report out to their leadership teams. We've taken the suggestions from the Privacy List and added in our own bits and pieces based on some of the more quantifiable requirements of the GDPR. For example, Article 30 of the GDPR requires companies to keep records of specific things like the categories of data subjects and personal data that they process, so we've included a slide for that. We included slides outlining organizational efforts to secure data, as required in Article 32, including documentation of security incidents, which will help fulfill your Article 33 obligations. Article 39 lays out DPO requirements like employee training and cooperation with the supervisory authority, so we've included a way to show how many employees are being trained monthly, and information on audits and complaints. You get the picture.

We often hear that communicating the importance of privacy to leadership is a real challenge — though with high-impact laws like the GDPR, it's getting more commonplace. A report like this accomplishes more than outlining compliance efforts. It also keeps privacy in front of leadership, and it shows the risks that come with processing personal data and the importance of a strong team to protect that data.

This template is a first stab, and one that we hope the IAPP community will use, alter, and share back with us. We welcome suggestions, and we'd love to see how you've improved upon it and customized it to fit your needs.

As the Privacy List tagline goes, "It's crowd sourcing. With an exceptional crowd."

Check it out here and let us know what you think.

photo credit: wuestenigel Flat lay with glasses, keyboard and cactus candle on colorful background. via photopin (license)

2 Comments


  • Jussi Leppälä • Nov 21, 2018
    This is a great template.  In a smaller organization, the number of actual data breaches or data subject access requests may not be so big. In those cases, it would make sense to report the rehearsals as well.  Also, keeping privacy notices up-to-date may not be easy.  Reporting last review dates could be helpful.
  • Amedeo Maturo Senra • Nov 23, 2018
    Just: Thanks!