A blog about GRC (Governance, Risk Management, and Compliance)

Jakob Holm Hansen


Seneste indlæg

GDPR: You prepare more records of processing activities than you should

[fa icon="calendar'] Monday, 14 May 2018 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

Due both to an eagerness to do things correctly and a fear of doing things wrong, many companies prepare far more records of their processing activities than necessary. Our expert explains how you can group together your processing activities and save yourself many hours of (wasted) work.

More [fa icon="long-arrow-right"]

GDPR: You Passed the Test – Now What?

[fa icon="calendar'] Friday, 16 February 2018 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

Picture this: it’s the end of May and you’ve managed to fulfil the criteria of the EU Data Protection Regulation - you’ve achieved GDPR compliance. But how do you make sure you stay compliant in the future?

No doubt the GDPR implementation project was big and required a team effort. There might even have been extra resources allocated, as everyone realised the importance of getting this right. But now that the deadline has passed, and the goal has been met, your co-workers need to get back to their day-to-day assignments. So how do you successfully maintain continuous GDPR compliance with half the people, and maybe even half the resources?

More [fa icon="long-arrow-right"]

To Assess, Or Not To Assess

[fa icon="calendar'] Tuesday, 19 December 2017 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

- Guidance and good advice for carrying out a DPIA

For some organisations, the DPIA is high on the list of GDPR related assignments that need to be sorted. But for many, the DPIA can actually wait – or at least be simplified so that it doesn’t require so many resources. Our Director explains when and how you should carry out a DPIA.

More [fa icon="long-arrow-right"]

GDPR: Make It Easy to Do It Right

[fa icon="calendar'] Tuesday, 21 November 2017 / by Jakob Holm Hansen under Awareness

[fa icon="comment"] 0 comments

The EU Data Protection Regulation states that you must train your employees in handling - and securing - personal data. However, it doesn't say anything about how you should train your employees in handling personal data.

"That part is open to interpretation, so you have to get creative," says Lone Forland, our product specialist who also works with information security campaigns.

More [fa icon="long-arrow-right"]

Dear IT Manager: GDPR is not your responsibility – but it is your task

[fa icon="calendar'] Monday, 16 October 2017 / by Jakob Holm Hansen

[fa icon="comment"] 1 comments

The EU Data Protection Regulation is a good example of just how important it is to define a challenge before you start trying to solve it.

Essentially, GDPR is about organisations protecting their personal data. However, before you can figure out how your organisation protects its personal data, you need to know why the organisation has this data to begin with. Understanding the reason is basically a pre-requisite for taking any action.

More [fa icon="long-arrow-right"]

Why You Should Be Carrying Out a Risk Assessment

[fa icon="calendar'] Saturday, 08 July 2017 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

Most organisations know that performing a risk assessment is good practice. However, not all organisation actually do risk assessments, and those who do, often approach them in the wrong way. All too often, risk assessments are treated as a project that can be finished and that will be that, whereas the reality is that risk assessment and risk treatment are an ongoing process.

Risk Assessment And Risk Treatment Are a Process

Risk assessment is a process, not a one-off project. The reasons for this can be boiled down to these three points:

More [fa icon="long-arrow-right"]

Continuous Compliance with the GDPR

[fa icon="calendar'] Tuesday, 25 April 2017 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

Climbing that mountain of compliance, over and over again.

GDPR has been with us since 2018, and some are still panicking. Becoming compliant and staying compliant are two very different things. In this blogpost, I will highlight the difference between the two and how to tackle the challenges that may arise along the way.

For the better part of a year, we have all been told that the EU GDPR is here, and that we will need to live up to a host of new requirements. The fear mongers have also told us about the huge fines we will be subject to, and just how far away from being compliant we all are.

So, there has been a lot of talk about what the requirements we will be hit with are, but there has not been as much talk about how to actually run an implementation project. And a lot of that talk is based on interpretations of the regulation and - in many cases - an unfounded over-implementation of the regulation.

More [fa icon="long-arrow-right"]

Product Release: Secure GDPR

[fa icon="calendar'] Tuesday, 04 April 2017 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

With just over a year until the EU General Data Protection Regulation comes into force, and enormous financial penalties waiting for those who don’t comply, now is the time to start preparing. However, recent studies show that most companies are far from complying with the GDPR, and many struggle to figure out where to start.

At Neupart, we believe that the only way to ensure continuous compliance with such a thorough regulation, is to use a program designed specifically for that. That’s why we’ve created Secure GDPR, a software that helps you comply with the new data protection regulation. Relying on human memory or endless spreadsheets means you can quickly lose overview. By putting the data protection regulation into our software, we’ve made it easy for you to know where you stand, what you need to do, and tick those boxes off, one by one. Having our software also means that maintaining your compliance after the initial implementation becomes much more manageable, whether you’re doing it with the aid of a DPO or not.

More [fa icon="long-arrow-right"]

Data Protection Officers - Who Needs Them?

[fa icon="calendar'] Monday, 13 March 2017 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

Data Protection Officers. It’s a topic that seems to be on everyone’s mind now that we actively preparing for the implementation of the GDPR, but who needs them?

Anyone working with information security management is by this stage well aware of the upcoming EU General Data Protection Regulation. Come to think of it, even those not working with information security management have probably heard of it too, considering the amount of coverage it has gotten. It’s no wonder given that the new regulation will be the biggest data protection regulation to date. Even though it is being set by the European Union, it will affect companies worldwide. This is because together, the 28 EU member states not only represent the world’s largest economy but are the top trading partner for 80 countries. Effectively, this means that any country dealing with personal data from citizens of the European Union will need to comply with the GDPR.

 

Download our 7-step guide to implenting the EU GDPR

 

Soon after the news about the GDPR broke, another abbreviation started popping up everywhere: DPO. Of course, a Data Protection Officer is not a new role per se, but with the sudden focus on the legality of data protection, it only makes sense that we start focusing more on their role. The International Association of Privacy Professionals originally estimated that the new data protection regulation would require 28,000 DPOs in Europe and the United States. They have now increased that number up to 75,000 new DPO positions, worldwide. 75,000 is a lot of positions to fill, which leads to the question: who needs a Data Protection Officer?

More [fa icon="long-arrow-right"]

How to comply with the EU GDPR

[fa icon="calendar'] Wednesday, 28 September 2016 / by Jakob Holm Hansen

[fa icon="comment"] 0 comments

The EU GDPR is one of the most substantial security initiatives in many years. This is on the one hand due to the scope of the regulatory work in the EU has been comprehensive and a long time coming. On the other hand, this is also due to the consequences of the EU GDPR having important implications for both the private and public sectors in Europe.

More [fa icon="long-arrow-right"]

GRC blog

The NorthGRC blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.

Popular Posts