In this PrivacyEspresso we discuss with Andreas Von Grember, Information Security Advisor at the wizlynx group ( a cybersecurity partner of the PrivacyRUles alliance) on how the usage of GRC platform can play a pivotal role in privacy compliance.
In the previous two sessions, Andreas explained how to break down the silos structure and how GRC and Data Protection can be value-creating for an organisation. In this session, Andreas provides, instead, some practical examples of how this work.
In particular, Andreas illustrates how a central inventory should look like, what should it entail, and why/how it can help companies resolve their data management issues. Then he illustrates how to do this with a practical example based on the four most important questions to be asked when making an inventory asset:
1. What are the relevant assets.
2. Who owns it?
3. What is it worth?
4. What protection is appropriate OR expected?
Of course, Andreas also presents the complexities of such an activity and underlines how it is mandatory to have a top-down approach in order to make it really work. According to him, indeed, it would not be possible to create a valuable central inventory without a top-level overview of all the companies’ assets, activities and information.
This may initially look cumbersome, but it is not, and the result is extremely beneficial.
Watch this privacyespresso and, if you did not, its previous episodes, to learn more about this and start using GRC platforms in the best manner!