Important

A privacy management system: luxury or necessity?

At the end of March and in April, it happened again a few times: leading companies were faced with a data leak. The data of hundreds of thousands of customers were released. Some companies were even blackmailed with this data. The stolen data would not be published for a fee. This shows once again how important good privacy management is. It is not without reason that systems in this area are becoming increasingly popular. But what exactly do you get from it? And does it protect organizations from a data leak?

Een privacy management systeem: luxe of noodzaak?

What is a privacy management system (PMS)

A privacy management system (also called PMS) consists of various components that give you better insight into the security of your data. It helps you to see what kind of data you manage, what you do with it and what you need to do as soon as this data ends up on the street. Components that help with this are the Register of Processing, Incident and Data Leak Register, GDPR Register and Standards Framework Assessment.

Basics in order with standards frameworks

There are various standards frameworks that you can use to assess the protection of privacy and data within your organization, such as the CIP GDPR, NOREA or the BIO. It is important to know what data you process as an organization and what happens to this data. These factors provide frameworks that you need to record to demonstrate which technical and organizational measures you take to comply with the established privacy and/or information policy. Recording, that’s what it’s all about.

From disastrous to insightful

So far it sounds simple. But in practice, privacy officers often have the greatest difficulty in gathering the necessary information to demonstrate that their organization is ‘in control’ when it comes to privacy. Chief Information Security Officers (CISOs) need a complete overview, but do not get it because the information is everywhere in the organization. Many organizations still work with Excel sheets for their privacy management and combining them is very complicated and time-consuming. Every department writes differently and that makes it almost impossible to create clear reports. This is the great strength of a privacy management system: uniformity and overview. At every level in the organization you know how things are going when it comes to privacy. Reports roll out like that. In addition, connections can be made between systems and various standards frameworks. Does a check on a system yield a finding? Then this finding is simultaneously shown on a relevant standards framework. In other words: check once, comply to many. That saves you a lot of work and time.

Reduce the consequences and impact of a data leak

That insight and overview will also help you through the storm if you are faced with a data leak – small or large. With a suitable system, you have worked out and recorded what you need to do at such a moment. You know what is leaking and from which system, and you know with whom you share data. For example, if it is only names, the impact is relatively limited. If there are also BSNs on the street, the scale and urgency you need to act on is significantly different. Because with this system you know what the next steps are, you reduce the consequences of a data leak and the impact of those consequences. Of course, prevention is still better than cure. The privacy management system also helps with that. Because this system contains the management measures and associated actions that reduce the chance of a data leak. Monitoring this remains a constant focus, which reduces the risks. That can save you a lot of misery.

Growing privacy awareness

In addition to the fact that as an organization you have a legal obligation to handle privacy-sensitive data with care (and the fines can be high in the event of a data breach), image is also becoming increasingly important. Customers and citizens are increasingly paying attention to how an organization handles their data. Is security guaranteed? Is data stored in Europe or the US – where different rules apply with regard to the security of personal data? Privacy awareness is clearly growing and that is a factor to take into account. That can also be a reason to use a system, because it shows what you are doing to protect the privacy-sensitive data of customers or citizens.

Stick behind the door

In order to work with such a system, the internal processes must of course be in order. So: what data do you record, how do you do that and in which systems? Which components do you want to check and who is responsible for what? In fact, it is just like with a library: you need books to be able to document and sort. Is this process not yet in order? Then starting with a privacy management system is a great incentive to really organize privacy protection better. The great thing is that you don’t have to do it all at once. Start small and then expand step by step. Start with the most important department or process for you. If it works well there, you can continue.

So there are several reasons why more and more organizations are opting for help in the area of privacy and data security. Do you need a system in this area? Strictly speaking, no. But it does make life a lot easier.

More information about a privacy management system (PMS)

Want to know more about using a privacy management system? Or do you want to know how privacy protection is integrated into our Key Control Dashboard? Then contact us.

Share this article