Datafence follows a strict six-step methodology to simplify the regulatory environment for business, so that both citizens and businesses can fully benefit from the digital economy and perform well in an environment that is secure and compliant with government and industry requirements. Our privacy methodology is briefly described below:
Discovery & Awareness
In the Discovery phase our team performs a stepped assessment of the current state of privacy and compliance using the Compliance Continuous Discovery Tool. Discovery & Awareness activities include the following:
- Meet with management and privacy office team to gather currently existing privacy policies, processes and documentation. In the same meeting we will assess the privacy regulations applicable to the business.
- Educate and raise awareness regarding Privacy
- Perform a high level Privacy Impact Assessment (PIA)
- Provide a Privacy Compliance Score and a high level rectification plan based on the current state of privacy policies and processes.
- Meet with management and privacy teams to discuss further steps.
The Datafence Privacy Compliance Score can be summarized as follows:
In the design phase we closely analyze the current state of the company’s existing privacy policies, processes and documentation and provide a detailed plan to address the privacy shortfalls using the Compliance Continuous Design Tool. Design activities include the following:
- Over the course of a few days we meet with several teams, including the company's internal departments such as Legal and IT as well as external data processors, to assess the current policies and processes.
- Perform a detailed Privacy Impact Assessment (PIA). The detailed PIA covers the mapping of applicable articles of regulation(s) to the currently implemented policies and processes.
- Provide the management with detailed PIA documentation and a detailed privacy plan that addresses the shortfalls. The plan is broken down by internal department and external data processor.
- Once the plan has been approved by the management, we share it with the internal departments and external data processors.
- Follow up sessions to provide further clarifications regarding the plan. During this time we will make several revisions to the plan based on feedback received. The revisions are also necessary to minimize interruptions and downtime.
In the implementation phase our team follows up directly with the internal departments and external data processors so that the privacy plan is accurately implemented. Implementation activities include the following:
- Internal departments and external data processors start implementing the activities in their respective project plan.
- The Datafence team follows up with the respective groups regarding the completion of the plan
- Train internal departments and external data processors on the approved privacy processes
In the validation phase using the Compliance Continuous Validation Tool we verify that all activities as stated in the privacy plan have been sufficiently addressed. Validation activities include the following:
- Meet with internal departments and external data processors to gain formal closure of their respective project plans.
- Perform a detailed validation of the privacy plan. Perform PIA on items that failed validation in the previous PIA.
- Share final results including PIA documentation, completed privacy plan, documentation as well as the final Privacy Compliance Score
- Gain final approvals from the management
Datafence strongly believes that compliance is a continuous process. This is the reason we offer our Compliance Continuous service to our customers. The Compliance Continuous service aims to keep customers fully protected in the future when changes to regulations, infrastructure or internal processes render existing privacy processes invalid. We do this by extending our service with the following phases:
In the monitoring phase, using the Compliance Continuous Monitoring Tool, we implement an alerting mechanism to make sure the management is alerted whenever an item in the privacy processes is invalidated. Monitoring activities include the following:
- Monitor the privacy processes in place
- Provide alert data to the management regarding invalidated items. Optionally, share the results with Datafence.
- Provide the results of the monitoring tool to analytical systems like Hadoop, Cloud Big Data etc.
In the continuity phase we provide a rectification plan and re-validation services based on the alerting results from the Compliance Continuous Monitoring Tool. Continuity activities include the following:
- Draft a rectification plan based on the invalidated items
- Share rectification plan with management and gain approvals
- Follow up with internal departments or external data processors regarding execution of the rectification plan
- Perform validation on items that failed validation previously
- Share final results with the management