Page 94 - Cyber Warnings
• Allow its data-processing facilities to be audited for the deployed security controls,
standards and measures, when requested by the data exporter and/or the relevant
supervisory authority
Termination of Contract/Completion of Work
Upon completion or termination of the data-processing related services, the data
importer and the sub-processor are mandated to:
a) Return all the personal data transferred to them, including the copies, if any,
to the data exporter, or
b) Destroy all such personal data and certify to the data exporter that it has
done so, unless legislation imposed upon the data importer prevents it from
returning or destroying such personal data. In that case, the data importer
must guarantee the confidentiality of the personal data and not actively use it
any further.
Transitioning to GDPR
Now that we have clarity on what GDPR is, let us consider a few practical steps which can
enable a company to transition to and comply with the GDPR:
1. Review and reword the contracts around the Model Clauses which provide a
standard framework
2. Thoroughly review the binding contractual rules and get approval of your EU data
protection agency
3. List your information assets, products and services
4. Assess the security of your data processing activities by performing a gap analysis to
understand and refine the scope of compliance
5. Create flow diagrams showing the data processes
6. Conduct data protection impact assessments (DPIAs) by adopting a risk-based
approach to identify the high-risk activities first
7. Get clarity on how to manage the data subject access requests while keeping in
mind the obligations; define the mechanisms by which you will serve and fulfill such
access requests and the associated data transfers
8. Refine and/or establish the legal basis (e.g. contractual clauses, legitimate interest of
the data subjects) for retaining the personal data, if applicable
9. Define the incident management related aspects
10. Identify the operational controls, standards and measures
11. Refine the processes for tracking and maintaining the audit trails, logs and records
94 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide