Important Department wise Compliance under GDPR- Part 2

In continuation of our earlier post (link here: https://worldprivacylaw.com/?p=798), we are sharing some more department-wise compliance checklists in bullet points that may be helpful and interesting to privacy compliance enthusiasts.

F) Travel and immigration

  1. Ensure a high degree of accuracy and information security during the collection and processing of PII/SPI.
  2. Ensure that the procedures for transferring PII/SPI between employees, the travel and immigration department, service providers, consulates and travel agencies are secure enough to prevent data breaches.

G) IT Department (Hardware, Software, Communication systems, Collaboration platforms etc.)

  1. Have appropriate policies ensuring that IT assets and platforms are used for official purposes only.
  2. CCTV – Avoid monitoring specific workstations, as this may amount to employee monitoring. Also, do not install CCTV cameras in private areas such as rest rooms and changing rooms (e.g. in gyms or swimming areas).
  3. Facilities (physical infrastructure, security and maintenance)
  4. Where any asset belonging to the company or to the individual is used for both official and personal purposes (e.g. a smartphone), ensure that appropriate MAM/MDM policies are in place to demarcate official and personal applications/data, and that personal applications/data are not accessible to the company.
  5. Bring Your Own Device (BYOD) policies should be made transparent to employees.

H) Information Systems Department

  1. Privacy by Design in Applications
  2. Secure Coding Practices
  3. Ensure that PII/SPI are stored in data centres/countries as required by the applicable data localisation laws.
  4. Technical provisions for servicing data portability requests (i.e. supplying a data subject's data in a structured, commonly used and machine-readable format).

I) Information Security Department

  1. Ensure that any monitoring of email, internet, network and IT assets is conducted in compliance with the applicable employment laws, telecommunication laws and data privacy regulations.
  2. Identity and Access Management
  3. Authentication

Abbreviations-

  1. PII– Personally Identifiable Information
  2. SPI– Sensitive Personal Information
  3. MAM– Mobile Application Management
  4. MDM– Mobile Device Management

Picture Credit- https://www.scconline.com/