Data Protection Implementation Guidance
Steps you need to complete in order to implement this module
Introduction
The Data Protection module depends on several other modules: BU, Assets, Controls, Risks, Policies, etc. For that reason alone, preparation is key. We recommend you go through the training in detail and also complete all related courses. These courses are also used in the Risk and Compliance module, so the investment will be leveraged later.
Implementation Steps
Once you have completed all courses you can begin the implementation. If you have already implemented the Asset Risk Module, your assets, controls, etc. will most likely already be in the system and the implementation will be easier. If you have not yet implemented the Risk modules, do not worry; simply go ahead with the following steps:
- Ensure your Access Management implementation is completed (see course)
- Identify Business Units and their associated owners or representatives
- Through interviews, document the assets they use and how they move around the organization. You can already create the assets and data flows (only the stage and title fields) at this stage.
- For every stage you create, identify any Third Party involved (and create it in eramba), as well as the Controls, Projects and Policies used to protect the flow. You can go ahead and create them. If your organization is not used to Control Testing, we recommend you leave the "Audit" tab for later.
- Flows can be linked to Risks, but we do not recommend you do that unless you have already implemented your Risk module.
Optionally, at the stage when the assets are being identified you could (and should) review GDPR aspects around them. You will use that information when flows are created.
Operational Tasks
As part of the Asset Review process you should review the flows related to each asset under the Data Flows module. In the Asset Identification module you can create Dynamic Statuses that inherit the Data Flow status. In the Data Flow module you can use notifications, filters and dynamic statuses to alert the Data Asset "Owner" when a flow is affected by a Control or Policy that has not been reviewed or tested in time.