Data Protection Program

Learn how to implement and operate a data protection program - long

  • Episodes13
  • Duration30m 19s
  • LanguagesEN
Episode 13

Data Protection Implementation Guidance

Steps you need to complete in order to implement this module


The Data Protection module requires multiple modules in order to be used: BU, Assets, Controls, Risks, Policies, Etc. For that reason alone preparation is key. We recommend you go trough the training in detail and also complete all related courses, these course are also used on the Risk and Compliance module so the investment will later be leveraged.

Implementation Steps

Once you have completed all courses you can begin the implementation. If you have already implemented the Asset Risk Module your assets, controls, Etc will most likely be already on the system and the implementation will be easier. If you have not implemented yet the Risk modules do not worry and simply go ahead by:

  • Ensure your Access Management implementation is completed (see course)
  • Identify Business Units and their associated owners or representatives
  • Trough interviews, document the assets they use and how they move around the organization. You can already create the assets and data flows (only the stage and title fields) at this stage.
  • For every stage you create, identify any Third Party involved (and create it in eramba), Controls, Projects and Policies used to protect the flow. You can go ahead and create them. If your organization is not used to Control Testing we recommend you leave the "Audit" tab for later.
  • Flows can be linked to Risks, we do not recommend you do that unless you have already implemented your Risk module.

Optionally, at the stage when the assets are being identified you could (and should) review GDPR aspects around them. You will use that information when flows are created.

Operational Tasks

As part of the Asset Review process you should review the flows related to them under the Data Flows module. At the Asset Identification module you can create Dynamic Statuses that will inherit the Data Flow status. On the Data Flow module you can use notifications, filters and dynamic statuses to alarm the Data Asset "Owner" when a flow is affected by a Control or Policy not reviewed or tested in time.