A foreigner wants us to fill out a form.
Uh, I have never paid any attention to GDPR. How should I fill it in?
1. Please describe how your firm accomplished data-processing activities mapping.
Data mapping means documenting the flow of personal data within your company. This can be done via software or a simple graph.
2. Please describe how your firm created an asset inventory.
Creating an inventory includes categorizing and listing all applications used in-house, documenting whether or not applications process personal data and ensuring those applications handle data properly.
3. Please describe your Data Subjects' Access Rights procedure, including your Right to Erasure/Right to be Forgotten procedure.
A Data Subject Access Rights procedure allows Data Subjects to request a copy of all Personal Data held regarding themselves. These requests must be handled within 30 days and a record of these requests must be logged and stored.
A Right to Erasure policy allows Data Subjects to request that their Personal Data be erased. These requests must be handled within 30 days and a record of these requests and erasures must be logged and stored.
4. The GDPR requires a written Information Security policy. Does your firm have a documented Information Security policy and could you provide a copy of this to Lucid if requested?
An Information Security Policy documents policies around security and technology processes as they relate to the business so that sensitive information remains secure.