Checklist: data privacy and security compliance program
Checklist: data privacy and security compliance program Checklists can be handy to create agendas for meetings, task lists for projects and guidance for a quick health check on an organization’s compliance status. They should not create a false sense of completeness though. With the following checklist, you should be able to determine major gaps and get a discussion about compliance going. 1. Who is in charge of data privacy and security compliance in the organization? Determine whether your company should appoint a Chief Privacy Officer and/or local liaisons, and whether you are legally required to appoint data protections officers Are all stakeholders instructed and trained regarding their responsibilities, in particular: ♦ Information technology department (regarding data security, retention and access restrictions) ♦ Premises security ♦ Human resources department (regarding employee files, HRIS, monitoring, whistleblower hotline) and ♦ Sales and marketing personnel (regarding direct marketing)? 2. What does the company do to keep data secure? Do you have a security policy that describes sufficient physical, technological and organizational data security measures, e.g., database access controls and device encryption? Are all employees familiar with the policy and actually complying with it? Are service providers carefully selected and monitored with respect to data security and are appropriate contracts in place? Are you prepared for a data security breach with respect to notice and compensation requirements under law and contracts? Do you have a data retention and deletion program in place that ensures that data is securely discarded after it is no longer needed or legal to store...
You are not authenticated to view the full text of this chapter or article.
Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.
Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.
Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.