By | Wednesday October 12th, 2016

As is well known the GDPR provides no clear guidance on how to demonstrate its own conformity and this poses a number of non banal challenges to entities that process personal data. Between various possible tools that could be considered (while awaiting more detailed guidelines) there is the use of a series of measurable parameters which can give some indication of the GDPR’s current state.

Usually one is led to measure the result indicators (lag indicators), which in our case may be, for example, the number of people granted an adequate disclosure compared to the total of individuals subject of the data treatment. However, these indicators don’t say anything of the actions that I could take to improve my processes. For this purpose however, you need to use “lead” indicators , more difficult to identify than lag indicators and not certain to provide positive results.

An example to illustrate the concept; if I want to lose weight it is not enough to weigh myself every day to reach my objective on the scales (a lag indicator then), but I’ll have to measure the processes that I have put in place to get there: for example, how many calories I introduce or how many kilometers of running I am doing. Therefore I have defined a process to achieve goals and I measure ex ante the  parameters. One type of approach certainly more in line with a law that requires us to think about the protection of personal data from the design stage.

Category: Impact, Risk and Measures Tags:

About Giancarlo Butti

Deals with ICT, organization and legislation since the early 80s covering different roles: security manager, project manager, auditor at banking groups, consultant in security and privacy to companies of different sectors and sizes. Performs regular activity of dissemination through articles (over 700), books (21 between books and white papers also used as university texts, 11 collective works within the ABI LAB, Oracle Community for Security and CLUSIT), technical manuals, courses, seminars, conferences… participates in working groups to ABI LAB on Business Continuity, Risk and GDPR, ISACA-AIEA on GDPR and 263, Oracle Community for Security, UNINFO, ASSOGESTIONI and the Committee of experts for the innovation of OMAT360. He is a member of the faculty of ABI Training. He is a partner and proboviro of ISACA-AIEA Member of CLUSIT and BCI. He is certified (LA BS7799), (LA ISO IEC 27001:2013), CRISC, ISM, DPO, CBCI, AMBCI.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.