Link between GDPR & BCM
GDPR and business continuity management (BCM) are undoubtedly connected management domains.
Indeed, any adverse event that is dealt with in a business continuity context can also be the cause of a data breach: under Article 4(12) of the GDPR a personal data breach is not only unauthorised disclosure or access, but also the accidental or unlawful destruction, loss or alteration of personal data, so an outage that loses or corrupts personal data is a breach even when nobody stole anything.
Many articles in the GDPR show this relation. Article 32, for instance, requires the controller to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems, and to restore the availability of and access to personal data in a timely manner after a physical or technical incident.
The volume of generated data has grown over time, which makes establishing and implementing a set of data protection measures more complicated and expensive.
By linking both domains one creates a new and faster way of detecting data breaches, and avoids even more severe and complex crises.
We have developed an approach in 5 steps for linking GDPR and BCM:
- Assure resilience in GDPR processes
Set up and maintain clear registers of processing activities, a risk analysis and an accountability framework, so that relations between them can be established. Make sure you are prepared to handle, follow up and communicate on data breaches and data-subject rights at any time, including in the middle of a crisis.
- Establish the GDPR sensitivity of business processes
Know what the impact on personal data is when a continuity crisis hits a process. A mapping technique that relates processes to processing activities, with attention to the "inheritance" of GDPR risks along process dependencies (a process that depends on a disrupted process is disrupted too, and so are the processings it relies on), allows GDPR alerting in case of any crisis.
- Document the BCM's own processing activities in GDPR governance
Business continuity plans contain processing activities of their own, such as SMS alerting and contact lists holding people's names and phone numbers; these processings must be subject to GDPR governance like any other.
- Fuse GDPR breach handling and BC crisis management
Avoid seeing a data breach too late by having the GDPR stakeholders (such as the DPO) in the BCM crisis team. The Article 33 deadline for notifying the supervisory authority, where feasible within 72 hours, runs from the moment the controller becomes aware of the breach, so a continuity incident must trigger the breach assessment immediately, not after recovery.
- Embed BCM in the "technical and organisational measures"
Any compliance audit or breach investigation will look into BCM readiness. Embedding both domains makes the overall risk management of both stronger.
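The following is an added illustration of the mapping described in the second and third steps above: a register that relates business (and BCM) processes to processing activities, propagates a continuity disruption along process dependencies, and reports which personal-data processings are hit and whether the DPO must be pulled in. It is a hypothetical model written for this page, not the RealBCP or RealDPG data model; the risk scale, the escalation threshold and all sample processes and processings are constructed assumptions.

```python
"""Process-to-processing mapping with GDPR risk inheritance (illustrative model).

Hypothetical, written for this page; not the RealBCP / RealDPG data model.
"""
from collections import deque
from dataclasses import dataclass

# Assumed risk scale from the GDPR risk analysis: 1 = low .. 4 = high.
# Assumed rule: an impacted processing at or above this level is escalated to the
# DPO so that the breach assessment (and the Art. 33 clock) is not missed.
ESCALATION_RISK = 3


@dataclass(frozen=True)
class Processing:
    """One entry of the register of processing activities (GDPR Art. 30)."""
    name: str
    data_categories: frozenset
    risk: int
    owner: str  # accountable role, used for alerting


@dataclass(frozen=True)
class Process:
    """A business or BCM process: the processings it needs, the processes it depends on."""
    name: str
    processings: frozenset = frozenset()
    depends_on: frozenset = frozenset()


class Register:
    """Both registers plus the relations between them."""

    def __init__(self):
        self.processings = {}
        self.processes = {}
        self._dependents = {}  # process name -> names of processes that depend on it

    def add_processing(self, p: Processing) -> None:
        self.processings[p.name] = p

    def add_process(self, p: Process) -> None:
        # A process may only reference processings that exist in the GDPR register,
        # which is what forces BCM's own processings (step 3) to be documented.
        for name in p.processings:
            if name not in self.processings:
                raise ValueError(f"{p.name}: processing {name!r} is not in the GDPR register")
        self.processes[p.name] = p
        for upstream in p.depends_on:
            self._dependents.setdefault(upstream, set()).add(p.name)

    def impacted_processes(self, disrupted):
        """Every process that is down when `disrupted` is down (dependency closure).
        A process inherits the disruption of the processes it depends on."""
        seen = set()
        queue = deque(disrupted)
        while queue:
            name = queue.popleft()
            if name in seen:
                continue  # cycles and shared dependencies are visited once
            seen.add(name)
            queue.extend(self._dependents.get(name, ()))
        return seen

    def gdpr_impact(self, disrupted):
        """Map a continuity disruption onto the personal-data processings it hits."""
        processes = self.impacted_processes(disrupted)
        hit = {}
        for pname in sorted(processes):
            for prc in self.processes[pname].processings:
                hit.setdefault(prc, set()).add(pname)
        max_risk = max((self.processings[n].risk for n in hit), default=0)
        return {
            "processes": sorted(processes),
            "processings": {n: {"risk": self.processings[n].risk,
                                "owner": self.processings[n].owner,
                                "via": sorted(v)} for n, v in hit.items()},
            "max_risk": max_risk,
            "escalate_to_dpo": max_risk >= ESCALATION_RISK,
        }


def build_sample_register() -> Register:
    """Constructed sample data, not taken from any real organisation."""
    reg = Register()
    reg.add_processing(Processing("customer_orders", frozenset({"name", "address", "email"}), 2, "Sales"))
    reg.add_processing(Processing("patient_records", frozenset({"name", "health data"}), 4, "Medical"))
    # The continuity plan's own processing (crisis SMS contact list), registered like any other.
    reg.add_processing(Processing("crisis_sms_contacts", frozenset({"name", "mobile number"}), 1, "BCM"))
    reg.add_process(Process("order_fulfilment", frozenset({"customer_orders"})))
    reg.add_process(Process("invoicing", frozenset({"customer_orders"}), frozenset({"order_fulfilment"})))
    reg.add_process(Process("appointment_scheduling", frozenset({"patient_records"})))
    reg.add_process(Process("crisis_communication", frozenset({"crisis_sms_contacts"})))
    return reg


if __name__ == "__main__":
    reg = build_sample_register()
    print(reg.gdpr_impact({"order_fulfilment"}))        # invoicing inherits the disruption
    print(reg.gdpr_impact({"appointment_scheduling"}))  # health data: escalate to DPO
```

Disrupting `order_fulfilment` also flags `invoicing` and the `customer_orders` processing through inheritance, at risk 2 and without DPO escalation; disrupting `appointment_scheduling` reaches the health-data processing and sets `escalate_to_dpo`. In a real deployment the input would come from the crisis team's impact assessment (the assets or sites declared down and the processes mapped to them), and the owners listed in the output are the people to inform.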
RealBCP and RealDPG have the great advantage of using relational attributes, which allows very quick risk assessments in case of a crisis.