{"id":798,"date":"2021-11-19T17:42:01","date_gmt":"2021-11-19T17:42:01","guid":{"rendered":"https:\/\/worldprivacylaw.com\/?p=798"},"modified":"2021-11-19T17:42:01","modified_gmt":"2021-11-19T17:42:01","slug":"important-department-wise-compliance-under-gdpr-part-1","status":"publish","type":"post","link":"https:\/\/worldprivacylaw.com\/?p=798","title":{"rendered":"Important Department wise Compliance under GDPR- Part 1"},"content":{"rendered":"\n

In today\u2019s article we will discuss the Specific GDPR requirements applicable to the departments of any organisation and they are:- <\/p>\n\n\n\n

A)<\/strong> <\/strong>Data Privacy Office <\/strong><\/p>\n\n\n\n

  1. Appointment of Data Protection Officer,Chief Privacy Officer and team<\/li>
  2. Development and implementation of Personal Information Management System (Policies, Manual, Procedures, Templates, Records etc;)<\/li>
  3. Data Subject Rights Management<\/li>
  4. Incident\/Breach Management<\/li>
  5. Risk Management<\/li>
  6. Training, Awareness & Certifications<\/li>
  7. Understanding of the prevailing and upcoming data privacy requirements<\/li>
  8. Internal Audits through independent auditors<\/li>
  9. Liaison with the Data Protection\/Supervisory Authorities<\/li>
  10. Create and maintain inventory of PII\/SPI and its processing details in the company<\/li>
  11. Privacy Impact Assessment<\/li>
  12. Cross-border personal data transfer impact assessment<\/li><\/ol>\n\n\n\n

    B)<\/strong> <\/strong>Legal<\/strong><\/p>\n\n\n\n

    Inclusion of applicable Data Privacy clauses (on personal data processing and cross border personal data transfer) in the agreements with Clients and Service Providers\/Vendors.<\/p>\n\n\n\n

    C)<\/strong> <\/strong>Company Secretary’s Office<\/strong><\/p>\n\n\n\n

    Handle Shareholder personal data as per the common requirements listed in point 2 above<\/p>\n\n\n\n

    D)<\/strong> <\/strong>Recruitment\/HR<\/strong><\/p>\n\n\n\n

    1. Do not collect PII\/SPI which are discriminatory in nature<\/li>
    2. Do not process PII\/SPI for purposes not required by employment law and staff welfare<\/li>
    3. Do not take decisions on employees based on “automated decision making” solution<\/li>
    4. Involve a step of manual intervention and review prior to final decision<\/li>
    5. Policies on publishing content on social media and collaboration platforms<\/li>
    6. Separate consents and compliance with other DP procedures for processing PII\/SPI of employee’s spouse and children<\/li>
    7. Ensure anonymity in collection\/processing of diversity related data<\/li><\/ol>\n\n\n\n

      E)<\/strong> <\/strong>Finance (Payroll, Tax, Claims Reimbursements, etc;)<\/strong><\/p>\n\n\n\n

      Ensure high degree of accuracy while collection and processing of PII\/SPI<\/p>\n\n\n\n

      Abbreviations-<\/strong><\/p>\n\n\n\n

      1. PII<\/strong>– Personally Identifiable Information<\/li>
      2. SPI<\/strong>– Sensitive Personal Information <\/li><\/ol>\n\n\n\n

        Picture credit- https:\/\/kinsta.com<\/p>\n","protected":false},"excerpt":{"rendered":"

        In today\u2019s article we will discuss the Specific GDPR requirements applicable to the departments of any organisation and they are:-  A) Data Privacy Office  Appointment […]<\/p>\n","protected":false},"author":2,"featured_media":799,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=\/wp\/v2\/posts\/798"}],"collection":[{"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=798"}],"version-history":[{"count":1,"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=\/wp\/v2\/posts\/798\/revisions"}],"predecessor-version":[{"id":800,"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=\/wp\/v2\/posts\/798\/revisions\/800"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=\/wp\/v2\/media\/799"}],"wp:attachment":[{"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldprivacylaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}