Three Core Questions of Data Privacy
To answer this question, we should maintain data inventories, including inventories of processing activities, assets and recipients etc. JANUCAT provides data inventories module that includes all the elements required by GDPR
To answer this question, we should perform various assessments.
In the area of privacy compliance, we should perform impact assessment, including DPIA/PIA (Data Protection Impact Assessment / Privacy Impact Assessment), TIA (Transfer Impact Assessment ), LIA (Legitimate Interests Assessment ) etc.
In the area of security, we should perform security assessment for assets such as Web applications, mobile applications, backend services etc.
In the area of processors management, we should perform due diligence to evaluate the privacy protection level of vendors.
JANUCAT provides assessments module including these assessment templates.
For detailed processing activity, we should prepare all compliance records of designated processing activity, and make them ready for regulatory inspection at any time.
And, we need general technical and organizational measures for regulating all processing activities, including internal policies, processess, risk management records, audit records, and records of privacy by design etc.
JANUCAT provides an accountability framework to guide compliance practices.