Maintains an overview of the organisation’s information assets, identifies the information asset owners and implements internal audits including controls on storing, security, maintaining records of processing activities, data protection impact assessments, transfers, contracts and handling access to personal data.
SFIA Skills: Personal data protection (PEDP)
Incident Response (Level 6)(IG)
Cooperates with the supervisory authority. Acts as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36. Consults, where appropriate, with regard to any other matter. Advises the organisation on risk mitigations and required actions.
Restricted Transfers (IG)(Level 4)
Advises on restricted transfers including any additional safeguards and ensures copies of safeguards are available to persons whose data is to be or has been transferred overseas.
Incident response (PEDP) (Level 6) (IG)
Assesses and manages the risk for any potential personal data breaches and cyber incidents. Sets in motion the agreed procedures to identify breach, including with third parties, works within statutory timeline, mitigates risk, and maintains communications with Data Protection Officer (DPO), or equivalent when not required, to comply with statutory notification to the regulatory authority (Commissioner) if breach confirmed.