What a year: 2017. A horse named Cloud Computing won the Preakness, Ken dolls got man buns, and privacy pros around the world removed their eclipse glasses to take in the full measure of what the GDPR will mean for their organizations. Once the retinal burn wore off (has it?), you all flocked to the IAPP Resource Center in greater numbers than ever before (actually, like 97 percent more than ever before, which is nuts). Unsurprisingly, GDPR tools and resources lead the pack this year, but policy writing and privacy impact assessments, plus our Tech Vendor Report, made the list as well.
Take a look.
- Top 10 operational impacts of the GDPR - Topping practically every superlative list of the year, this ebook, created from a 10-part series by the IAPP Westin Research Center, outlines specific provisions of the GDPR, offering a practical assessment of how each may necessitate change in your organization’s data-handling practices.
- The EU General Data Protection Regulation page - This IAPP member-only page holds all the tools, templates, checklists, guidance and insight to help answer all your GDPR questions and lead you to compliance. From the Article 29 Working Party’s guidance docs to the “Ask the DPO” web conference series, it’s your one-stop-shop for all things GDPR.
- Sample Data Protection Policy Template - This template from IT Donut serves as a starting point for organizations creating a data protection policy. The word doc format offers the ability for organizations to customize the policy.
- The AvePoint Privacy Impact Assessment (APIA) System - The APIA tool from AvePoint, available exclusively through the IAPP, helps you automate the process of evaluating, assessing and reporting on the privacy implications of your enterprise IT systems. The APIA System allows you to select questions from a prepopulated bank or create your own, meaning you can build and save PIA templates to be reused and reported out.
- The DPO Toolkit - The IAPP’s DPO Toolkit comprises a number of resources instrumental to performing what will be a vital role at many organizations: the data protection officer. From a sample job description to research on how much training a DPO needs to determining whether your company needs a DPO at all, this page has got what you need to know about the DPO requirement in the GDPR. (Except a sample contract for an external DPO. I’m working on it … any offers out there? Email me.)
- Privacy Impact Assessment - Privacy impact assessments are a valuable tool to gauge the ways projects, systems, programs, products or services impact the data an organization holds, plus they are required in certain circumstances under the GDPR (though they’re referred to as DPIAs). This IAPP member-only page includes resources to help you get a better understanding of PIAs and also has tools and templates to automate the way you conduct them.
- Data Protection Authorities - The IAPP has amassed for its members a list of the world’s data protection authorities that we believe is the largest available anywhere. The list includes contact information whenever possible and offers links to many of the national privacy laws. Need to get in touch with the DPA of Tunisia? We can help.
- GDPR in 20 minutes - Looking for a slimmed down version of the EU's General Data Protection Regulation? The GDPR in 20 Minutes might just be your thing. List-formatted, in outline, this is a way of looking at the GDPR text in truncated fashion, highlighting meaning, while providing links to relevant text you can expand to find a fuller picture. The text has also been reorganized to group information by topic.
- Preparing for the GDPR: DPOs, PIAs, and Data Mapping - This IAPP-TRUSTe 2016 study on privacy practices asked 244 privacy professionals about their organizations’ progress toward GDPR compliance, such as whether they have a data protection officer, as well as questions about data hygiene habits like privacy assessments and data inventory and mapping exercises.
- 2017 Tech Vendor Report - In the IAPP 2017 Privacy Tech Vendor Report, the IAPP has identified companies offering privacy technology solutions and loosely categorized the types of solutions they offer — from assessment managers to data discovery tools. The report also includes insight from a number of leaders within some of these companies to better understand where the market is trending and what privacy pros can do to become "champions" for new technology that can help overcome challenges, both for the privacy office and the enterprise as a whole. Look for the 2018 edition in late January.
If you want to comment on this post, you need to login.