
Written by Nymity
on January 25, 2018

As your organisation continues to implement technical and organisational measures for the purpose of providing evidence of GDPR compliance, the Nymity Privacy Management Accountability Framework™ can serve as a helpful tool. This free resource was developed through years of research, and has been mapped to hundreds of laws and privacy frameworks, including the GDPR.

The team at Nymity identified 39 GDPR articles that create obligations to put in place technical or organisational measures to demonstrate compliance, and those articles map to 55 measures within the Framework™.

In Part 1 of our blog series, we looked at the first 7 categories of the Framework™, and in particular, which measures directly applied to the GDPR. Today, in Part 2, we will examine the remaining 6 categories, and their GDPR-relevant activities.


8) Maintain Notices
Your organisation will need to maintain notices to individuals consistent with the data privacy policy, legal requirements, and operational risk tolerance.

Privacy Management Activities include:

  • Maintain a data privacy notice that details the organisation’s personal data handling practices
  • Provide data privacy notice at all points where personal data is collected


9) Respond to Requests and Complaints from Individuals
Ensure that you maintain procedures for interactions with individuals about their personal data.

Privacy Management Activities include:

Maintain procedures to respond to requests for:

  • Access to personal data
  • Updates or corrections to personal data
  • Opt-out of, restrict, or object to processing
  • Data portability
  • Being forgotten or for erasure of data


10) Monitor for New Operational Practices
It is important for your organisation to monitor practices to identify new processes or material changes to existing processes and ensure the implementation of Privacy by Design principles.

Privacy Management Activities include:

  • Integrate Privacy by Design into system and product development
  • Maintain PIA/DPIA guidelines and templates
  • Conduct PIAs/DPIAs for changes to existing programs, systems, or processes
  • Engage external stakeholders (e.g. individuals, privacy advocates) as part of the PIA/DPIA process
  • Track and address data protection issues identified during PIAs/DPIAs
  • Report PIA/DPIA analysis and results to regulators (where required) and external stakeholders (if appropriate)


11) Maintain Data Privacy Breach Management Program
An effective data privacy incident and breach management program will need to be maintained for compliance.

Privacy Management Activities include:

Maintain policies/procedures for:

  • Maintain a data privacy incident/breach response plan
  • Maintain a breach notification (to affected individuals) and reporting (to regulators, credit agencies, law enforcement) protocol
  • Maintain a log to track data privacy incidents/breaches


12) Monitor Data Handling Practices
Verification will be required to prove that your operational practices comply with the data privacy policy and the operational policies and procedures. You will also need to measure and report their effectiveness.

Privacy Management Activities include:

  • Conduct self-assessments of privacy management
  • Maintain documentation as evidence to demonstrate compliance and/or accountability


13) Track External Criteria
Your organisation will need to continually track new compliance requirements, expectations, and best practices.

Privacy Management Activities include:

  • Identify ongoing privacy compliance requirements (e.g. law, case law, codes, etc.)

The Nymity Privacy Management Accountability Framework™ is a free resource available on our website. For more information, or to view the Framework™ in full, visit Nymity Privacy Management Accountability Framework™.
