Data protection management system: implementation and optimisation
A data protection management system (DPMS) covers all documented and implemented regulations, processes, and measures that can be used systematically to control and monitor the handling of personal data within a company in compliance with data protection law.
The GDPR does not explicitly provide for the implementation of a DPMS, but the necessity of such a system may arise from an analysis of all its requirements.
The core purpose of any data protection management system is to identify and eliminate issues and risks under data protection law, and to continuously optimise processes and documents through structured process steps for their regular review and evaluation.
This requires clearly assigned responsibilities, a commitment on the part of management to achieving the envisaged data protection objectives, and a certain level of awareness of these points among employees.
When implementing a DPMS, the traditional PDCA cycle is of particular importance:
1. Plan: definition and updating of all relevant processes
2. Do: what information is required for a review?
3. Check: review and assessment of adherence to process-related requirements
4. Act: maintain and improve processes
How ISiCO implements or optimises a DPMS:
1. Review and optimise existing data protection organisation
2. Review and create data protection guidelines or manuals
3. Review processes relating to data protection law (e.g. dealing with requests from data subjects)
4. Awareness and data protection training for employees
5. Review and definition of technical and organisational measures (TOMs)
6. Involve a data protection officer and participate in relevant processes
7. Optimise service provider management (processing/joint controllership)
8. Classify data for better measurability
Trust in our expertise and choose ISiCO. Whether or not you have implemented an optimisation procedure, we help you carry out and firmly establish the steps required to ensure that data protection is designed into your business processes.