HERMES GDPR Scoping Meeting

Get Started. It's Free
or sign up with your email address
Rocket clouds
HERMES GDPR Scoping Meeting by Mind Map: HERMES GDPR Scoping Meeting

1. Identification of 'Individuals' and primary department owners

2. In Scope

2.1. For each individual

2.1.1. Identify datasets

2.1.1.1. Categories of personal data to field level

2.1.1.2. Document justification for holding identified data sets

2.1.2. Document which systems the identified datasets reside within

2.1.2.1. System Name

2.1.2.2. Systems general purpose

2.1.2.3. System access controls

2.1.2.3.1. Security Analyst Input needed

2.1.2.4. System business owner

2.1.2.5. Data retention periods for each identified system

2.1.2.5.1. Security Analyst Input needed

2.1.3. Dataset flow

2.1.3.1. Identify the 'life cycle' of an individuals dataset

2.1.3.2. Document the process data flow between Hermes systems

2.1.3.3. For each system touch point

2.1.3.3.1. Identify Data source

2.1.3.3.2. Identify Data outputs

2.1.3.3.3. Identify data transfer methods

2.1.4. Data Use

2.1.4.1. Identify touch point of the data set

2.1.4.1.1. Identify are the triggers for process?

2.1.4.1.2. Identify processing activity

2.1.4.1.3. Identify the role of the accessor

3. Out of Scope

3.1. Processes to facilitate individuals rights requests

3.1.1. For 8 GDPR individual rights

3.2. Data Process improvement

3.3. Review or updating of privacy notices

3.4. ICO Breach response

3.4.1. Definition of Breach

4. Timeline

4.1. End of Jan 2018

4.1.1. Individual Focus

4.1.1.1. Sender

4.1.1.2. Re-seller

4.1.1.3. Client Customer

4.1.1.4. Employee

4.1.1.5. Employee applicant

4.2. TBA

4.2.1. Sub-depot Controller

4.2.2. Shop Keeper

4.2.3. Shop Manager

4.2.4. Shop Owner

4.2.5. Self employed courier

4.2.6. Self employed courier applicant

4.2.7. Parcel Recipiant

4.2.8. Neighbour