
Determann’s Field Guide to Data Privacy Law

International Corporate Compliance, Third Edition

Lothar Determann

Companies, lawyers, privacy officers and marketing and IT professionals are increasingly facing privacy issues. While information is freely available, it can be difficult to grasp a problem quickly, without getting lost in details and advocacy. This is where Determann’s Field Guide to Data Privacy Law comes into its own – identifying key issues and providing concise practical guidance for an increasingly complex field shaped by rapid change in international laws, technology and society.

Chapter 4: Maintaining and auditing compliance programs




The maintenance challenge. Once you implement a data privacy compliance program, the work does not end. The maintenance phase begins. Some laws and programs require periodic actions. The EU-U.S. Privacy Shield Program requires companies to re-certify annually. Lawmakers around the world issue and revise laws constantly. Organizations transform in various ways, through mergers and acquisitions, spinoffs, reorganizations, relocations, international expansion, increased headcount and technology acquisitions. Employees in charge of privacy compliance may come and go. All of these changes have compliance implications.


Documentation. To ensure efficient maintenance and continuity, you should consider preparing a brief outline of your program, listing the location of key documents and decision makers, and compiling information on the scope of previous compliance assessments (e.g., jurisdictions, vendors and services covered). Based on such documentation, you can answer questions about the program, assess quickly whether organizational changes trigger a need to update or expand the program, document periodic re-assessments, guide audits, and train colleagues or successors with respect to the data privacy compliance program.


Taking over or auditing an existing compliance program. When you take over an existing compliance program (for example, in a new job) or when you audit a program (e.g., in the context of M&A due diligence), you could go through the same tasks as if you were implementing a new program and then ask for documentation or other confirmation that the requirements have been satisfied. Or...
