"UNITAS has taken up simulated answering of the questions towards some existing customers, and can conclude that with that the customers work with UNITAS has done, it enables them to correspond practically to a 12-figure throughout. ”
UNITAS has requested access to Datatilsynet's (DT) questionnaire, which is used for companies and organizations in connection with an initial inspection. The questionnaire currently contains approx. 50 questions and can be read here! A guide to the form can be found here!
In addition to the obvious areas, the questions deal with documentation of processing activities (the record) and risk assessments (which must be documentable with date stamps, have management approval, etc.), and in particular with the technical security measures.
The technical security measures in question cover topics such as secure communication, the ability to restore data from backup, and secure, updated and tested contingency plans.
Because we at UNITAS cover law, compliance and IT security, we can, among other things, help you with the following, which ensures you have the basics in place:
- Basic GDPR documentation
  - Mapping of processes and systems
  - Preparation of your company's record of processing activities
  - Quality assurance of data processor agreements that form part of the basis for the subsequent…
  - … Risk assessment, which must be date-stamped and management-approved
- Documentation of basic technical and organizational security measures
  - Preparation of general controls
  - Preparation of an IT security policy, for example based on CFCS recommendations
  - Development of procedures for handling breaches of information security, as well as a logging function
  - Establishing documentation in, or transferring it to, a system that meets the requirements for date stamping, traceability and versioning
- Ability to communicate securely
  - Advice on secure communication
  - Implementation of secure communication platforms
  - Inspection of any existing secure communication platform
- Ability to recover data
  - Review of existing backup solutions
  - Advice on backup
  - Ensuring fully automated, ongoing restore testing of files, databases, etc.
- Ability to re-establish access to data
  - Preparation of contingency plans based on, for example, the tryggdigital.dk framework tools
  - Testing and documentation
In addition, we at UNITAS can help with topics that are not currently directly addressed in the questionnaire from Datatilsynet, such as privacy policies, supervision of data processors, data classification, automated collection of read receipts for various policies, obtaining consents, and all the IT security aspects such as encryption, vulnerability scans, etc., which are all elements of good and secure processing of personal data.
We do not yet know the remaining questions, as they are currently out for consultation. Once we know them, we will update this blog post with a guide on how, together with UNITAS, you can answer an initial inspection from Datatilsynet easily, efficiently and with confidence.
And… remember the following: now that you have reduced your GDPR risk, you have also reduced your business risk! Management will love you for it.
If you are now looking inwards at your own organization and thinking 'hmm… what we already have is probably not quite good enough', you are very welcome at UNITAS. We can ensure that you make it to the final stage and that you can answer an inquiry from Datatilsynet with peace of mind.