{"id":238,"date":"2021-07-27T13:04:23","date_gmt":"2021-07-27T11:04:23","guid":{"rendered":"https:\/\/www.amedeomaturo.com\/en\/?p=238"},"modified":"2022-03-31T09:32:21","modified_gmt":"2022-03-31T07:32:21","slug":"data-privacy-assessment-privacy-program","status":"publish","type":"post","link":"https:\/\/www.amedeomaturo.com\/en\/data-privacy-assessment-privacy-program\/","title":{"rendered":"Data Privacy Assessment"},"content":{"rendered":"<h1>Data Privacy Assessment<\/h1>\n<p>This time we need to focus our attention on the <strong>Data Privacy Assessment<\/strong> phase. So far, we&#8217;ve been talking about the process of having a solid <strong>privacy program<\/strong>. Accordingly, we have analyzed:<\/p>\n<ul>\n<li>The general concept of the <a title=\"Certified Information Privacy Manager \u2013 CIPM\" href=\"https:\/\/www.amedeomaturo.com\/blog\/certified-information-privacy-manager-cipm\/\"><strong>privacy program management<\/strong><\/a>;<\/li>\n<li>The <a title=\"Privacy Governance\" href=\"https:\/\/www.amedeomaturo.com\/blog\/privacy-governance\/\"><strong>privacy governance<\/strong><\/a>; and<\/li>\n<li>The applicable <strong><a title=\"Privacy Laws and Regulations Applicable to you\" href=\"https:\/\/www.amedeomaturo.com\/blog\/privacy-laws-and-regulations-applicable-to-you\/\">privacy laws.<\/a><\/strong><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Data Assessment: what is that?<\/h2>\n<p>It is a catalogue or inventory of all the data processed by the organization. Consequently, the first thing an entity should do is to have an <strong>inventory<\/strong> of all the data processed. But how?<\/p>\n<p>In the first place, the entity can use a tool to do the job. The market is pretty mature and there are zillions of technical solutions. This fantastic software can scan your system and catalogue the findings according to the main categories. 
As an illustration, the categories could be as follows:<\/p>\n<ul>\n<li>Geo-localization;<\/li>\n<li>IDs and Social Security identifiers;<\/li>\n<li>Name;<\/li>\n<li>Email;<\/li>\n<li>Financial data (e.g., credit card numbers);<\/li>\n<\/ul>\n<p>And a very long list of predefined categories.<\/p>\n<p>As an alternative, you can use a different (and more manual) approach. That means: your entity should ask the different <strong>product owners<\/strong> to identify the data <strong>they use<\/strong> in their processes. Let&#8217;s start the easiest way possible and ask the product owners to draw, in a simple <strong>data map<\/strong>, the <strong>data lifecycle<\/strong>. I like <a href=\"https:\/\/app.diagrams.net\/\" target=\"_blank\" rel=\"noopener\"><strong>draw.io<\/strong><\/a> but I don&#8217;t endorse, sponsor nor have any professional\/personal interest in this tool. It&#8217;s just as simple as that: I like it.<\/p>\n<p>Nevertheless, even drawing the whole data processing can add a lot of work for your already busy colleagues. To that end, you can limit your initial <strong>data inventory<\/strong> to the <strong>personal data<\/strong>. At the end of the day, we&#8217;re only focusing on the <strong>privacy program<\/strong>, right?<\/p>\n<p>&nbsp;<\/p>\n<h2>The elements of the inventory<\/h2>\n<p>The list of the elements is clearly inspired by the Book of Knowledge of the <a href=\"https:\/\/iapp.org\/certify\/cipm\/\" target=\"_blank\" rel=\"noopener\"><strong>CIPM certification<\/strong><\/a>. Among other items, the following should be part of the inventory:<\/p>\n<ol>\n<li>Context and purpose;<\/li>\n<li>Product owner;<\/li>\n<li>Where the data are stored (don&#8217;t forget to mention the cloud);<\/li>\n<li>The format (logic &amp; paper);<\/li>\n<li>Categories of personal data (health, IDs, audio, video, financial data, etc.);<\/li>\n<li>International transfers (if any).<\/li>\n<\/ol>\n<p>Feel free to add your own items. 
And, if you want us to update the list, feel free to drop us <a href=\"https:\/\/www.amedeomaturo.com\/contacto\/\"><strong>an email<\/strong><\/a>. We are your <strong>Privacy Manager in Spain, Europe<\/strong>.<\/p>\n<p>Now that you have completed your own <strong>data privacy assessment<\/strong>, you are on the right path to build your Records of Processing Activities, in order to comply with art. 30 of the General Data Protection Regulation (<strong>GDPR<\/strong>).<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_3026\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3026\" class=\"wp-image-3026 size-medium\" title=\"Privacy Pro\" src=\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/07\/2016_IAPP_4X1.75_laptop_suckers.PRINT2016-01-300x132.png\" alt=\"Privacy Pro\" width=\"300\" height=\"132\" \/><p id=\"caption-attachment-3026\" class=\"wp-caption-text\">Privacy Pro<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Data Privacy Assessment This time we need to focus our attention on the Data Privacy Assessment phase. So far, we&#8217;ve been talking about the process of having a solid privacy program. Accordingly, we have analyzed: The general concept of the privacy program management; The privacy governance; and The applicable privacy laws. 
&nbsp; Data Assessment: what [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[39,40,41,42,43,44,45],"tags":[46,47,48,49,50,112,24,25,7,51,111,52],"class_list":["post-238","post","type-post","status-publish","format-standard","hentry","category-assessment","category-data-inventory","category-data-lifecycle","category-data-map","category-data-privacy-assessment","category-privacy-impact-assessment","category-privacy-program","tag-data-assessment","tag-data-inventory","tag-data-lifecycle","tag-data-map","tag-data-privacy-assessment","tag-europe","tag-gdpr","tag-personal-data","tag-privacy","tag-privacy-laws","tag-privacy-manager-in-spain","tag-privacy-program"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data Privacy Assessment - Amedeo Maturo - English<\/title>\n<meta name=\"description\" content=\"data privacy assessment privacy governance privacy program privacy laws data map personal data inventory data lifecycle CIPM GDPR\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amedeomaturo.com\/en\/data-privacy-assessment-privacy-program\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Privacy Assessment - Amedeo Maturo - English\" \/>\n<meta property=\"og:description\" content=\"data privacy assessment privacy governance privacy program privacy laws data map personal data inventory data lifecycle CIPM GDPR\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.amedeomaturo.com\/en\/data-privacy-assessment-privacy-program\/\" \/>\n<meta property=\"og:site_name\" content=\"Amedeo Maturo - English\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-27T11:04:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-31T07:32:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/07\/2016_IAPP_4X1.75_laptop_suckers.PRINT2016-01-300x132.png\" \/>\n<meta name=\"author\" content=\"Amedeo Maturo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amedeo Maturo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/\"},\"author\":{\"name\":\"Amedeo Maturo\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"headline\":\"Data Privacy Assessment\",\"datePublished\":\"2021-07-27T11:04:23+00:00\",\"dateModified\":\"2022-03-31T07:32:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/\"},\"wordCount\":447,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/2016_IAPP_4X1.75_laptop_suckers.PRINT2016-01-300x132.png\",\"keywords\":[\"Data 
Assessment\",\"data inventory\",\"data lifecycle\",\"data map\",\"data privacy assessment\",\"Europe\",\"GDPR\",\"personal data\",\"privacy\",\"Privacy Laws\",\"Privacy Manager in Spain\",\"privacy program\"],\"articleSection\":[\"assessment\",\"data inventory\",\"data lifecycle\",\"data map\",\"data privacy assessment\",\"Privacy Impact Assessment\",\"privacy program\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/\",\"name\":\"Data Privacy Assessment - Amedeo Maturo - English\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/2016_IAPP_4X1.75_laptop_suckers.PRINT2016-01-300x132.png\",\"datePublished\":\"2021-07-27T11:04:23+00:00\",\"dateModified\":\"2022-03-31T07:32:21+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"description\":\"data privacy assessment privacy governance privacy program privacy laws data map personal data inventory data lifecycle CIPM 
GDPR\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/2016_IAPP_4X1.75_laptop_suckers.PRINT2016-01-300x132.png\",\"contentUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/2016_IAPP_4X1.75_laptop_suckers.PRINT2016-01-300x132.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-privacy-assessment-privacy-program\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Privacy Assessment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\",\"name\":\"Amedeo Maturo - English\",\"description\":\"Otro sitio m\u00e1s de Amedeo Maturo - Multisite\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\",\"name\":\"Amedeo 
Maturo\",\"sameAs\":[\"http:\\\/\\\/www.amedeomaturo.com\"],\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/author\\\/amedeomaturo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/comments?post=238"}],"version-history":[{"count":2,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/238\/revisions"}],"predecessor-version":[{"id":284,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/238\/revisions\/284"}],"wp:attachment":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/media?parent=238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/categories?post=238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/tags?post=238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}