The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It focuses on protecting personal data and giving people control over their data across organizations under EU. Organizations are looking for different methods to be compliant with GDPR and make sure, that absolute protection is ensured for personal data. And if not, complaint gives the organization a fine up to €10 million or 4% of their annual turnover, whichever is greater. The infographic below showcases the same.
There is a requirement for maintaining a huge set of documents and keeping a track record of all the documents, in establishing compliance with GDPR. It is also important to identify risk and establish accountability for different issues as in GDPR, everything matters. Maintaining track record of personal data spread across the organization is also necessary and this becomes difficult in form of hard or soft copy documents. And all these functionalities to get compliance should match with the planned investment in achieving compliance. What if we could do all these differences, efficiently and with simplicity.
RSA Archer GRC Platform allows you to build efficient collaborative Governance Risk and Compliance program across finance, IT, operations, and legal domains. You could define RSA Archer as a platform which transform’s according to your requirement. Similarly, GDPR is no exception. By Archer 6.3 we are able to transform archer platform to a help you achieve GDPR Compliance.
If you are not familiar with RSA Archer, do check out the below links to get a better view:
So, what difference can RSA Archer make? Well its simple, and by simple, I mean the simplicity which RSA Archer gives you. RSA Archer helps you establish accountability for different processes within the organization. And RSA Archer provides a clear view to the entire GDPR program, which means the top management could get better visibility to the entire GDPR Program along with repository for maintaining documents which help you easily track personal data which is scattered inside the entire organization.
Let’s look into different use cases in RSA Archer which would help in establishing GDPR compliance.
RSA Archer 6.3 introduced new features and enhancements to the platform including two new use cases which target GDPR
Data Governance use case helps in establishing better visibility to personal data being processed across the organization. It helps you in documenting on ‘what data is being collected’, ‘how it is being collected’ and ’how it is processed’ inside the organization. The Data Governance use case focuses on prioritizing data privacy and helping in proper documentation to establish better visibility to business processes dealing with PII.
PRIVACY PROGRAM MANAGEMENT
The use case enables protection of privacy across business processes. This is achieved by grouping different processing activities. The use case also enables new capabilities for privacy assessments. It also supports the DATA GOVERNANCE use case which we have mentioned earlier.
Other than these new use cases introduced in Archer 6.3, we have other existing use cases which would help in achieving GDPR Compliance. This includes:
IT & SECURITY POLICY PROGRAM MANAGEMENT
Dealing with GDPR means dealing with lots of policies and procedures. RSA Archer provides an environment for properly documenting policies and procedures along with assigning ownership and mapping policies to key business areas. The IT & SECURITY POLICY PROGRAM MANAGEMENT use case provides proper visibility into how you existing control environment complies with your established policies and procedures.
IT RISK MANAGEMENT
Achieving GDPR Compliance means dealing with different risks that arise from the entire organization. The use case helps in establishing a connection with assets that store EU citizen data, the risks related to those assets and risk register which includes mitigation plans for those risks. RSA Archer provides a platform for proper documentation of all related risk which arise in relation to the storage and process of PII. The platform also self-evolves with new risks. The top management would have a proper view of the risk along with identifying the cause of the risk and establishing accountability for related processes and hence reducing GDPR Compliance gaps.
IT CONTROLS ASSURANCE
IT CONTROLS ASSURANCE indicated proper documentation of IT assets, control, and taxonomy. The use case provides automated and manual testing approaches these controls along with integration with external testing and assessment technologies. The use case also provides a centralized repository for all gaps, with remediation plans, exception plans along with risk acceptance and signoff. All these help in reducing gaps in GDPR Compliance.
THIRD PARTY RISK MANAGEMENT
It is important for any organization looking for GDPR compliance to ensure that third-party services which they are aligned to, satisfy the GDPR regulations. RSA Archer helps in creating an assessment for Third Party’s to document the vendor’s internal control environment along with different supporting documents for the same. These assessments can be further analyzed to identify different GDPR gaps that come with third parties. The platform also provides a repository for maintaining the contracts with different third parties to showcase their obligations to GDPR Compliance.
GDPR requires organizations to get permissions from individuals before processing their data and also gives them the “right to be forgotten”. RSA Archer provides on-demand applications and an advanced workflow which helps in ensuring that permissions obtained from users in processing their data are documented before they are being processed. And in the end, what we have is the audit which would be simpler and more efficient if you could showcase everything related to GDPR in a single configurable platform.
RSA Archer is “What you want it to be “and GDPR is no exception. RSA Archer could be the helping hand in achieving GDPR because it evolves along with your business and you have visibility to everything related to PII in a click ahead.