An integrated approach to plan and optimise People, Process, Technology and Information Management
Many companies and charities have made a start on GDPR but some are failing to tackle core objectives of the accelerating array of both existing and emerging privacy regulations, such as:
- developing true customer-centric transparent communication
- implementing accountability to demonstrate effective risk management
- introducing a ‘Privacy by Design’ culture into your business operations.
Changes, especially in handling customer information, will impact the mentoring and training of staff, organisational structures, marketing strategy, and how teams share processes.
Our Optimiser4 service has been designed to provide a simple-to-use integrated online mapping approach to help you complete this important work and its ongoing management.
- People: Who and where are the people and teams handling your critical data and operations?
- Process: How do you map out and improve your operational processes and flows? How do you show where your critical data moves through and out of your organisation?
- Technology: How do you track what systems, applications and devices your people are using, how your data relates to them, and do you yet operate to IASME cybersecurity standards?
- Information Management: Have you done a recent GDPR and gap analysis check? What can you use under data protection rules?
Use Optimiser4 to visualise your processes and data
Our Optimiser4 service is based around a cloud-based tracker mapping tool which enables a business or charity to record your key activities and provide evidence to the regulators that you are approaching process and data management professionally and responsibly.
- Monitor & update your people and teams handling data in line with business changes and HR needs.
- Use the framework to document and continually review and audit your processes across all internal functions, plus key suppliers, partners and distributors: keep your compliance up-to-date, and find opportunities for improvements.
- Document your technologies, on-premise and in the cloud, including 3rd parties you integrate with: strengthen security, and help your IT team to make better decisions.
- Ensure you have captured all of the data, image, voice and video records of your customer touch points, and manage the correct lawful bases for processing.
- Develop a simple but comprehensive metadata library to record Lawful Bases for processing personal data (Contract, Consent, Legitimate Interest etc).
- Demonstrate your commitment to the GDPR’s ‘Privacy by Design’ objective.
Identify and remove your weak points
Process mapping is particularly relevant for private and public sector businesses and government agencies with high numbers of staff (especially social services, health, educational and charity sectors), who are exchanging very sensitive ‘special category’ data. Fundamental to our service are the following components:
- Creation of a GDPR Evidence Hub linking key policy documentation to metadata and workflows.
- Data Protection Impact Assessments (DPIAs).
- Workflow and Dataflow process maps.
- Development of field-level metadata libraries for subsequent data analyses
- Re-assessment of Business Intelligence needs.
If you think our services could be of use to your business or charity
Please contact us