Using RACI Chart for GDPR implementation
Andrey Prozorov, CISM, CIPP/E
2020-05-25
Andrey Prozorov, CIPP/E, CISM
• Information Security Methodology Manager
• 15 years in information security (12 years in data protection and privacy)
• My Patreon (ISMS and GDPR toolkits) - www.patreon.com/AndreyProzorov
• My blog (in Russian) - http://80na20.blogspot.com
Agenda
• RACI Chart (intro)
• My Case:
  • My Data Protection Framework
  • My Governance Model
  • My GDPR Activities
  • My RACI Chart
My first contact with RACI chart
2009-2010, COBIT 4.1, example: PO4 Define the IT Processes, Organisation and Relationships
Thanks, Wiki!
A responsibility assignment matrix (RAM), also known as RACI matrix
or linear responsibility chart (LRC), describes the participation by
various roles in completing tasks or deliverables for a project or
business process.
RACI is an acronym derived from the four key responsibilities most
typically used: responsible, accountable, consulted, and informed.
It is used for clarifying and defining roles and responsibilities in
cross-functional or departmental projects and processes.
There are a number of alternatives to the RACI model (e.g. RASI, PARIS,
PACSI, DACI, PDQA, RASCEIO)
RACI
• Responsible (R): role that performs an activity or does the work.
• Accountable (A): role that is ultimately accountable and has Yes/No/Veto.
Also approver or final approving authority. There must be only one
accountable specified for each task or deliverable.
• Consulted (C): role that helps and advises.
• Informed (I): role that needs to know of the decision or action.
Why is it effective?
• Simple and short description
• Adaptable
• Helicopter view (complete list and links)
COBIT 2019: APO13 — Managed Security
We have used RACI for the ISMS implementation.
Let’s use it for GDPR compliance…
My Case
• Construction and Energy sector
• >250 employees
• EU + Russia
• ISO 9001, ISO 27001…
My Data Protection Framework (33 pages)
Data Protection Governance Model
Who else?
• Representatives
• Internal Audit
• Risk Manager
• Procurement
• Compliance
• …
GDPR Activities (21)
1. Planning (6)
2. Processing (6)
3. Security (5)
4. Control, Report and Respond (4)
Lessons Learned:
• Choose a suitable level of detail
• Use other examples for inspiration
• Discuss and align everything in advance
• Conduct periodic reviews and update the chart
Andrey Prozorov, CIPP/E, CISM
• My Patreon (ISMS and GDPR toolkits) - www.patreon.com/AndreyProzorov
• My blog (in Russian) - http://80na20.blogspot.com
• Email - prozorov.info@gmail.com
Thanks!
