01 Oct 2019 10 STEPS TO A MORE SECURE HOTEL Daniel Johnson Blog No comments yet 1. Data Processing Registry Mapped and Inventorised Have you identified and described business processes involving personal data? 2. Assessments Completed and Documented Have you completed and documented compliance assessments? 3. Roles Assignments Defined Have you defined and assigned data processing roles? (Data Controller(s), Data Processor(s); DPO; Data Steward; etc.) 4. Legacy Data Risk Assessed and Cessation of Unlawful Processes Documented Have you identified legacy data of which you should not/may not process any longer? 5. Policies Assessed and Published Have you defined and published data-related policies? (i.e. Privacy, Code of Conduct, Acceptable Use) 6. Security Allocated to the Professionals Have you deployed a layered approach to security, utilizing multiple lines of defense to repel potential attacks? 7. SARs, Breach and Purge Procedures Formulated Have you formulated hygiene and response procedures? 8. Agreements (DPA, etc.) Assessed Have you obtained relevant data processing agreements? 9. Rules of Email Use Formulated and Documented Have you established a digital communications procedures and rules of use? 10. Training & Awareness Program Conducted and Documented Have you informed employee and conducted a data protection awareness training program?