How to make the most of your ROPA (A.30 Record of Processing Activities)
ฝัง
- เผยแพร่เมื่อ 11 ก.ย. 2024
- Help us reach 1000 subscribers - www.youtube.com...
iSTORM website: www.istormsolutions.co.uk
LinkedIn: / richard-merrygold-7856847
Company Linkedin: / intelligentstorm
Facebook: / dataprotectiondiaries
We use our RoPA for DSARS , and find it very useful. Ensuring teams keep it up to date is another task entirely
The RoPA is great for just that, it’s also great for finding data sources and locations in the event of a breach! Nice work
Great vid as always. Definitely good to merge the RoPA and IAR together but I often have to emphasise that the IAR itself is *not* the RoPA - they are 2 separate (but linked) entities. So many organisations get this mixed up.
To try and make it easier to understand, I usually explain it as RoPA: Might be the task you're doing when you sit down at your desk & IAR: contains the tools (i.e. assets) you use to get the job done (docs/systems etc).
Trying to get the RoPA/IAR embedded is definitely challenging. I've previously tried to incorporate reviews into periodic data cleansing activities...it's a good opportunity to get people thinking about retention schedules etc every so often.
There is often a lot of confusion between the two, that's a great way of explaining it! I may have to 'borrow' that....:)
do you have any videos on audits and privacy framework creations?
There’s a few that may help:
Journey to compliance: th-cam.com/video/GsAotwEBOJY/w-d-xo.html
th-cam.com/video/Yv48P-iO0Po/w-d-xo.html This is an older video on governance frameworks
How to do a gap analysis: th-cam.com/video/B5lwGV0oR2Y/w-d-xo.html
If these don’t cover it, let me know and I’ll do a new one 👍🏻
❤️