What is this workspace template for?
Principle components state the legal principles and requirements from the GDPR or other applicable regulation. Linking these principles to the relevant Policies in your organization allow you to trace policies back to their reason for existing, and help you spot compliance gaps by identifying principles with no associated policies.
Component types contained in this template
- Source: This is used as a “grouping” function. For example “Data Protection Principles”
- Principle: Internalization of the regulation into a set of principles i.e within Data and protection you have “security”
Reference types contained in this template
- Realized by
Fields contained in this template
Internalize the regulation into a set of standard principals and rights:
This can be used for more than just GDPR. You can use different sources to reflect the requirements from any regulation or certification.
Map the principals to the policies and routines which realize them with the “Realized by” reference type. This will allow you to be able to say that for the GDPR principal “Security” we have this set of security policies and routines.
If you are linking the regulatory articles or paragraphs to the principals, you will also then be able to understand the impact in a change in for example “article 30″ on your associated policies, who to notify and what the level of impact will be on the organization.”