"UNITAS has taken up simulated answering of the questions towards some existing customers, and can conclude that with that the customers work with UNITAS has done, it enables them to correspond practically to a 12-figure throughout. ”
UNITAS has requested insight into the Danish Data Protection Agency's (DT) questionnaire framework, which is used with companies and organizations in connection with initial supervision. The questionnaire currently contains approx. 50 questions and can be read here! A guide to the form can be found here!
In addition to the obvious areas, the questions deal with documentation of processing activities (the record) and risk assessments (which must be documented with date stamps, have management approval, etc.), and in particular with the technical security measures.
The technical security measures in question include topics such as secure communication, the ability to restore data from backup, and secure, updated and tested contingency plans.
Since we at UNITAS cover law, compliance and IT security, we can, among other things, help you with the following, which ensures you have the basics in place:
- Basic GDPR documentation
  - Mapping of processes and systems
  - Preparation of your company's record of processing activities
  - Quality assurance of data processor agreements that form part of the basis for the subsequent…
  - … risk assessment, which must be date-stamped and management-approved
  - Documentation of basic technical and organizational security measures
  - Preparation of general controls
  - Preparation of an IT security policy, for example based on CFCS recommendations
  - Development of procedures for handling information security breaches, as well as a logging function
  - Establishing documentation in, or transferring it to, a system that meets the requirements for date stamping, traceability and versioning
- Ability to communicate securely
  - Advice on secure communication
  - Implementation of secure communication platforms
  - Inspection of any existing secure communication platform
- Ability to recover data
  - Review of the existing backup solution
  - Advice on backup
  - Ensuring fully automated, ongoing restore testing of files, databases etc.
- Ability to re-establish access to data
  - Preparation of contingency plans based on, for example, tryggdigital.dk framework tools
  - Testing and documentation
In addition, we at UNITAS can help with topics that are not currently directly addressed in the questionnaire from the Danish Data Protection Agency, such as privacy policies, the process for supervising data processors, data classification, automated collection of read receipts for various policies, obtaining consents, and all IT security aspects such as encryption, vulnerability scans etc., all of which are elements of good and secure processing of personal data.
We do not yet know the remaining questions, as they are currently out for consultation. Once we know them, we will update this blog post with a guide on how you, together with UNITAS, can answer an initial inspection from the Danish Data Protection Agency easily, efficiently and reassuringly.
And… remember the following: now that you have reduced your GDPR risk, you have also reduced your business risk! Management will love you for it.
If you are now looking inward at your own organization and thinking 'hmm… what we already have is probably not quite good enough', you are very welcome at UNITAS. We can ensure that you get the last piece in place and that you can respond to an inquiry from the Danish Data Protection Agency with peace of mind.