
Edited Legal Collections Data



"Checklist" [2020] ELECD 130; in Determann, Lothar (ed), "Determann's Field Guide To Data Privacy Law" (Edward Elgar Publishing, 2020) 197

Book Title: Determann’s Field Guide To Data Privacy Law

Editor(s): Determann, Lothar

Publisher: Edward Elgar Publishing

Section Title: Checklist

Number of pages: 5

Extract:





Checklist
Data Privacy Compliance Program

Checklists can be handy to create agendas for meetings, task lists
for projects and guidance for a quick health check on an organization's
compliance status. They should not create a false sense of
completeness though. With the following checklist, you should be
able to determine major gaps and get a discussion about compliance
going.

1. Who is in charge of data privacy and security compliance in the
organization?

Determine whether your company should appoint a Chief Privacy
Officer and/or local liaisons, and whether you are legally required
to appoint data protection officers or, under the GDPR, authorized
local representatives.

Are all stakeholders instructed and trained regarding their
responsibilities, in particular:

Information technology department (regarding data security,
retention and access restrictions),

Premises security (specifically regarding surveillance cameras,
warning signs and physical access controls),

Human resources department (regarding employee files, HRIS,
monitoring, whistleblower hotline), and

Sales and marketing personnel (specifically regarding direct and
online marketing)?






2. Do you keep data secure?

Do you have a security policy that describes sufficient physical,
technical and organizational data security measures, e.g., database
access controls and device encryption?

Are all employees familiar with the policy and actually complying
with it?

Are service providers carefully selected and monitored with
respect to data security and are appropriate contracts in place?

Are you prepared for a data security breach with respect to notice
and compensation requirements ...


URL: http://www.austlii.edu.au/au/journals/ELECD/2020/130.html