Under the GDPR, all personal data processing is unlawful by default: you should be able to prove in advance that your data processing is lawful, or risk fines, class actions, and/or criminal prosecution.
What is an Enterprise Privacy Architecture?
The GDPR requires organisations to maintain a record of all their personal data processing activities. If this record is formalised into an EPA metadata repository, you can also evaluate the financial and criminal risks to which each process may expose your enterprise.
Why should you care about EPA?
Under the GDPR all personal data processing is unlawful by default.
If you cannot prove from information recorded and largely disclosed in advance that your data processing is lawful, then your data processing may attract fines, class actions (or representative claims/GLOs in the UK) and/or criminal prosecution.
Foreign regulators are entitled to investigate UK enterprises (and in most Member States data protection offences attract custodial sentences).
What does the EPA include/assemble (for each process)?
The EPA is an online facility which has been 4 years in development by a data protection lawyer and has patents pending.
Importantly, the EPA validation and assessment provides you with a board-ready report quantifying the financial and criminal risks by dataflow.
Typically this report is presented to the Board on a periodic review basis or when your personal data processing changes.
EPA usage and assessment
The Readiness Review provides you with a summary of GDPR as it applies to your organisation (including the DPA 2018 for UK-based companies), a view of your current data and processing based on the interview, a prioritised set of next steps (cross-referenced to GDPR), and a high-level milestone plan. It also provides an indication of the effort and timescales required for each action and how we can support you in achieving these.
Readiness Review outcomes
The Readiness Review provides you with a summary of GDPR as it applies to your organisation, a view of your current data and processing based on the interview, a prioritised set of next steps (cross-referenced to GDPR), and a high-level milestone plan. It also provides an indication of the effort and timescales required for each action and how we can support you in achieving these.