©2019 by Sureway.

RECOMMENDED PRIVACY PATH

Below you can see our recommended 10 steps to implement a privacy governance concept for your business. The steps are based on experience from GDPR projects in Norway.

1. IDENTIFY THE PROCESSES

The business is using personal data in many processes on all your platforms. These needs to identified and sorted. The catalogue of processes to be noted in Sureway

2. COMPLETE RECORDS

For each process the business need to complete records including the detailed information on the process. All processes to be logged in to Sureway as structured data. Records are the foundation for alle activities below.


3. ASSESS SECURITY

The business need to assess if technical and administrative security is satisfactory. All security assessments to be done in Sureway.

4. PUBLISH YOUR PRIVACY POLICIES

The business need to create a privacy policy (or notice) per process to be specific enough for the individuals to use their rights. And you need to create a general policy on top of these. Such policies are created- and can be published from Sureway.

5. ADMINISTRATE YOUR CONSENTS

The business need to assess if the way they collect and administrate their consents are in line with regulations. Data subjects can administrate all their consents in Sureway, without any administration from the business.

6. MANAGE PEOPLE`S RIGHTS

The business need to build a concept to handle people`s right. Let customers and citizens access their data- and manage all privacy inquiries through Sureway, on their own.

7. EVALUATE YOUR VENDORS

You need to evaluate all your vendors - data processors. When completing records, Sureway create a list of all vendors. Here you can upload all agreements and evaluate if they are in line with the regulation and other requirements.

8. INFORM YOUR STAFF

The business need to create internal privacy rules for their employees. In Sureway you can create a privacy manual and give employees access to the manual by web or by mobile .

9. ASSESS PRIVACY IMPACT

For some processes it is needed to perform risk assessments for the privacy impact on people`s rights and freedom. The impact assessment to be done in Sureway.

10. TEST AND MAINTAIN

Test if your privacy governance is working by simulation visits from authorities and data breaches. Perform regular audits. All to be done in Sureway.