I performed a data privacy assessment for a home environment. I inventoried personal data types, mapped collection and storage, assessed privacy risks, and produced recommendations aligned to major regulations like the General Data Protection Regulation and the California Consumer Privacy Act.
(How to Conduct a Data Privacy Assessment)
Build a data inventory by type and source.
Define privacy requirements per data type.
Map data flows and storage locations.
Assess risks and recommend controls.
Basic understanding of privacy principles
Spreadsheet and document tools
Google Sheets and Google Docs
Device permission settings and cloud account privacy dashboards
1. Identify personal data
Data types: contact info, financial data, health data, location data, browsing history.
Devices and apps: smartphones, laptops, cloud storage, Internet of Things devices, banking and health apps.
Artifact: Data Inventory Table.
2. Define privacy requirements
Principles: data minimization, transparency, security, user rights.
Map requirements by data type.
Artifact: Privacy Requirements Table.
3. Map data flow and storage
Collection points and storage locations on device and in cloud.
Artifact: Data Flow and Storage Table.
4. Assess privacy risks
Assign risk level per data type.
Identify specific risks like unauthorized access and over-collection.
Artifact: Privacy Risk Assessment Table.
5. Document findings and recommendations
Controls: encryption at rest and in transit, Multi-Factor Authentication for financial accounts, consent prompts for location data, reduced retention.
Artifact: Data Privacy Assessment Report.
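As an added illustration of steps 1 to 5 (not part of the original assessment), the script below turns a constructed home Data Inventory into the Privacy Risk Assessment Table and the per-row control recommendations listed above; the sensitivity ranking, the scoring thresholds and the sample rows are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sensitivity ranking for the inventoried data types (assumption)
SENSITIVITY = {"contact": 1, "browsing": 1, "location": 2, "financial": 3, "health": 3}

@dataclass
class InventoryRow:
    data_type: str         # key of SENSITIVITY
    source: str            # device or app that collects the data
    storage: str           # "device" or "cloud"
    encrypted_at_rest: bool
    encrypted_in_transit: bool
    mfa: bool              # account holding the data uses multi-factor authentication
    consent_prompt: bool   # user is asked before collection
    retention_days: int

def recommendations(row: InventoryRow) -> list[str]:
    """Controls from the report, emitted only where the row lacks them."""
    recs = []
    if not row.encrypted_at_rest:
        recs.append("enable encryption at rest")
    if not row.encrypted_in_transit:
        recs.append("enable encryption in transit")
    if row.data_type == "financial" and not row.mfa:
        recs.append("enable multi-factor authentication on the financial account")
    if row.data_type == "location" and not row.consent_prompt:
        recs.append("add a consent prompt before collecting location data")
    if row.retention_days > 365:
        recs.append("reduce retention to under a year")
    return recs

def risk_level(row: InventoryRow) -> str:
    """Low/Medium/High from sensitivity, missing controls and cloud exposure."""
    score = SENSITIVITY[row.data_type] + len(recommendations(row))
    if row.storage == "cloud":
        score += 1   # an off-device copy widens the exposure
    return "High" if score >= 5 else "Medium" if score >= 3 else "Low"

def assess(inventory: list[InventoryRow]) -> list[dict]:
    """Build the Privacy Risk Assessment Table rows from the Data Inventory."""
    return [{"data_type": r.data_type, "source": r.source, "storage": r.storage,
             "risk": risk_level(r), "controls": recommendations(r)} for r in inventory]

# Constructed sample inventory for a home environment
SAMPLE = [
    InventoryRow("financial", "banking app", "cloud", True, True, False, True, 3650),
    InventoryRow("location", "smartphone maps", "cloud", True, True, True, False, 90),
    InventoryRow("contact", "laptop address book", "device", True, True, True, True, 30),
    InventoryRow("health", "health app", "cloud", False, True, True, True, 400),
]
```

Calling `assess(SAMPLE)` yields one table row per inventory entry with its risk level and the controls to recommend, ready to paste into the report.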
Visibility into which data is collected and where it lives.
A prioritized set of privacy controls that reduce risk without killing usability.
Data mapping and privacy risk analysis
Control recommendations aligned to regulation principles