Open-Sourcing our GDPR Compliance Preparation For Articles 30, 32, and 35

November 15 16:58 2019 Print This Article

Since we open-sourced this Google Sheet data inventory tool back in March, we achieved a SOC 2 Type II certification in Privacy. We’re committed to continuous improvement, and as we implemented the data inventories and impact assessments, we learned that capturing personal data relied upon for all business processes was important. So, we updated the inventory to ensure we are collecting all information on how personal data is used at Everlaw. We wanted to share the updated document which now reflects this broader approach, available at the link below.

Along with many other US companies with customers in the EU, Everlaw started preparing for GDPR compliance early last year. While we still have some work to do before May 25th, we have made significant progress, especially in our documentation of data processing activities and creating data inventories.

When I couldn’t find a free tool that worked for the process I wanted to implement at Everlaw, I created one in Google Sheets that all of our teams could work on in real-time. Below, we’ll share with you the tool we created to manage this documentation.

This tool combines documentation for GDPR Article 30: Records of processing activities, Article 32: Security of processing, and Article 35: Data protection impact assessment into one workbook (including a place to document Article 15: Right of access by the data subject).

We are sharing this with anyone who wants to use it! Why? Everlaw has an established history of contributing to open-source projects. We’ve also shared tips on how teams can optimize open-source contributions. Although the term “open source” originated in the context of software development, it is increasingly used to refer to something that people can “modify and share because its design is publicly accessible.”

GDPR requires a major shift in how companies treat privacy and data protection. We think that approaching compliance the open-source way, where companies can learn from each other and freely exchange ideas and approaches, is the best way forward. We hope that you find this document useful!

The original article was posted here: https://www.everlaw.com/resources/blog/2018/03/05/gdpr-compliance-preparation-articles-30-32-35/

  Article "tagged" as:
  Categories:
view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment