Chapter 4: Maintaining and Auditing Data Privacy Compliance Programs
The maintenance challenge. Once you implement a data privacy compliance program, the work does not end. The maintenance phase begins. Some laws and programs require periodic actions. For example, the EU-US Safe Harbor Program requires companies to re-certify annually. Also, lawmakers around the world issue and revise laws constantly. Organizations transform in various ways, for example in mergers and acquisitions, spin-offs, reorganizations, relocations, international expansion, increased headcount and technology acquisitions. Also, employees in charge of privacy compliance may come and go. All of these changes have compliance implications.

Documentation. In order to assure efficient maintenance and continuity, you should consider preparing a brief outline of your program, a list and location of key documents and decision makers and a compilation of information on the scope of previous compliance assessments (e.g., jurisdictions, vendors and services covered). Based on such documentation, you can answer questions about the program, assess quickly whether organizational changes trigger a need to update or expand the program, document periodical reassessments, guide audits and train colleagues or successors with respect to the data privacy compliance program.

Taking over or auditing an existing compliance program. When you take over an existing compliance program (for example, in a new job) or when you audit a program (e.g., in the context of M&A due diligence), you could basically go through the same tasks as if you are implementing a new program and then ask for documentation or...