
Data Privacy Management System (DPMS) (1 of 3)

Legal Regulations and Prestige

Perhaps you are subject to legal regulations. Or you have realized that the right to privacy is becoming more and more important to people. And now you would like to have a working Data Privacy Management System (DPMS).

Unfortunately, there is no standard for privacy comparable to the standard for information security.

But we say that implementing a DPMS is nothing other than ISO 27001, only with different contents, properties and controls.

Spend one hour and learn how a Data Privacy Management System is implemented and maintained. We will show you one possible way.

Read the information above the picture, then take a look at the picture.

2.
In the following examples the data privacy management will be shown without the Information Security Management.
As we said before, to realize Privacy you have to document and control the procedures concerning privacy data.

To document such procedures use the opus i object “Procedure Privacy”.
The type of the captured information is adjustable. You only need to adjust these presets once.

3.
Based on the collected and documented information about access rights to procedures, data recipients and data subjects (and also third parties), you can plan the training for the persons involved exactly. It is a fact that a management system can only work correctly and properly if the persons involved are well instructed. You can keep all the trainings, policies, agreements and stipulations available in opus i.

1.
The basis of a working DPMS is knowledge of the procedures* your organisation has installed, the subject and the origin of the personal data, and the recipients of this personal data (who receives this data?).
Furthermore, the employees who process personal data have to be trained in privacy.
Third parties that have access to such data have to be instructed exactly what they have to do and what not. It is best to put this relationship on a contractual basis.
All this and more is described perfectly in the German Data Privacy Act (BDSG). If you have no Privacy Act of your own, take the BDSG as your fundamental direction (download: the BDSG German/English) to form your opinion and concept.

Your data privacy team is the same as the information security team. Deciding to realize the DPMS within the ISMS is the best possible choice (you get about 400 controls, specific to privacy, out of the information security controls).

The rest of your work:

  • You have to record: used and planned procedures*, the employees or groups processing personal data and the outsourcing contractors (third parties).
  • It would be perfect if you decided to show the Privacy process(es). In this case you can additionally record: building groups, room groups, server groups, desktop computer groups, your physical networks.
  • With these elements (objects) you have to model the Privacy process(es).

(*) "Procedures" means software applications processing or using personal data.

If you decide to realize the DPMS within the ISMS, read our hints for information security first, then come back and continue.

3.1 A documented contract. The contract itself can be linked directly to this object. The object itself can be referenced to any object you want.

2.1 The presets (which information is documented) only have to be set once and are valid for all procedures.

Figure: Your presets are unlimited

Figure: Trainings, policies and contracts are available

2.2 On the tab “Data flow” it can be documented which data the Recipient receives and which data the Data Subject has delivered (collected from the data subject).

Figure: The data flow shows who receives data and where the data was collected

2.3 If the procedure is used in other or many processes, a reference to the original object can be used. This saves a lot of time on maintenance.

Figure: Referenced objects save your time for maintenance

Without image: each procedure can be marked as a “Common Procedure” and can be used by other users for their own purposes.

© 2010 kronsoft® Germany  
