information governance compliance
The policies regarding processes and procedures for use of information, the balance between information availability and information security and IPR (Intellectual Property Rights) and personal data protection.
Data protection officers ensure that the processing of personal data in an organisation is compliant with data protection standards and with the obligations set out in the applicable legislation such as GDPR. They elaborate and implement the organisation policy related to data protection, are responsible for data protection impact assessments and handle complaints and requests from third parties and regulatory agencies. Data protection officers lead investigations into potential data breaches, conduct internal audits and act as point of contact within the organisation on any matters related to the processing of personal data. Data protection officers may develop training programmes and provide training to other employees on data protection procedures.
The methods and best practices that protect ICT systems, networks, computers, devices, services, processes and people against unauthorised access, modification and/or denial of service of assets.
The principles, ethical issues, regulations and protocols of data protection.
The General Data Protection Regulation is the EU regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.
Best practices and guidelines established for securing information and communication technology (ICT) systems and data. Standards such as the ISO 27000 series provide a framework for implementing effective security controls, including access control, risk assessment and incident management, as well as for the compliance of an organisation.
The mechanisms and regulations which allow for selective access control and guarantee that only authorised parties (people, processes, systems and devices) have access to data, the way to comply with confidential information and the risks of non-compliance.
The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.
The internal risk management policies that identify, assess and prioritise risks in an IT environment. The methods used to minimise, monitor and control the possibility and the impact of disastrous events that affect the reaching of business goals.
The subfield of ethics that assesses whether data practices can be considered ethical. It assesses processes such as collecting, analysing and disseminating structured and unstructured data that might negatively impact society.
The practice of observing, testing, and evaluating in a systematic manner the processes of the organisation in order to improve effectiveness, reduce risks, and add value to the organisation by instilling a preventive culture.
The methods and procedures of research in legal matters, such as the regulations, and different approaches to analyses and source gathering, and the knowledge on how to adapt the research methodology to a specific case to obtain the required information.
The special terms and phrases used in the field of law.
Implement policies, methods and regulations for data and information security in order to respect confidentiality, integrity and availability principles.
Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.
Design programmes where employees or future employees are taught the necessary skills for the job or to improve and expand skills for new activities or tasks. Select or design activities aimed at introducing the work and systems or improving the performance of individuals and groups in organisational settings.
Design and implement business processes and technical solutions to guarantee data and information confidentiality in compliance with legal requirements, also considering public expectations and political issues of privacy.
Implement statements, assertions or rules that specify the appropriate use and protection of the ICT assets and systems from an organisation. These ICT security policies cover topics such as data classification, password management, access control and incident response.
Collect, organise and prepare data for analysis and review during investigation, regulatory filings and other legal processes.
Ensure that access to personal or institutional data conforms to the legal and ethical framework governing such access.
Advise organisations on how they may improve their compliance with the applicable government policies they are required to adhere to, and the necessary steps which need to be taken in order to ensure complete compliance.
Cooperate with colleagues in order to ensure that operations run effectively.
Write, implement and foster the internal standards of the company as part of the business plans for the operations and levels of performance that the company intends to achieve.
Develop and supervise the implementation of policies aimed at documenting and detailing the procedures for the operations of the organisation in light of its strategic planning.
Guarantee compliance with established and applicable standards and legal requirements such as specifications, policies, standards or law for the goal that organisations aspire to achieve in their efforts.
Conduct research for applicable legal and normative procedures and standards, analyse and derive legal requirements that apply to the organisation, its policies and products.
Maintain up-to-date knowledge of current regulations and apply this knowledge in specific sectors.
Monitor changes in rules, policies and legislation, and identify how they may influence the organisation, existing operations, or a specific case or situation.
Protect personal data and privacy in digital environments. Understand how to use and share personally identifiable information while being able to protect oneself and others from damages. Understand that digital services use a “Privacy policy” to inform how personal data is used.
Provide advice to clients in order to ensure that their actions are compliant with the law, as well as most beneficial for their situation and specific case, such as providing information, documentation, or advice on the course of action for a client should they want to take legal action or legal action is taken against them.
Respond to enquiries and requests for information from other organisations and members of the public.
Lead and guide employees through a process in which they are taught the necessary skills for the prospective job. Organise activities aimed at introducing the work and systems or improving the performance of individuals and groups in organisational settings.
Advise clients in different personal or professional matters.
The procedures of a legal case from opening to closing, such as the documentation that needs to be prepared and handled, the people involved in different stages of the case, and the requirements that need to be met before the case can be closed.
The process of identifying, assessing, and prioritising all types of risks and where they could come from, such as natural causes, legal changes, or uncertainty in any given context, and the methods for dealing with risks effectively.
Implement a risk treatment plan to address the risks identified during the assessment phase, avoid their occurrence and/or minimise their impact. Evaluate the different options available to reduce the exposure to the identified risks, based on the risk appetite of an organisation, the accepted level of tolerance and the cost of treatment.
Estimate the potential losses associated with an identified risk by applying standard risk analysis practices to develop an estimate of probability and impact on the company. Take both financial and non-financial impacts into account. Use qualitative and quantitative risk analysis techniques to identify, rate and prioritise risks.
Select appropriate authentication and authorization mechanisms. Design, implement and troubleshoot key management and use. Design and implement a data encryption solution for data at rest and data in transit.
Examine the client's present situation, ideas and wishes under a legal perspective to assess their legal justification or enforceability.
Implement internal policies related to the development, internal and external usage of technological systems, such as software systems, network systems and telecommunications systems, in order to achieve a set of goals and targets regarding the efficient operations and growth of an organisation.
Provide assistance with the management of litigation matters, including document collection and investigation.
Evaluate the tangible consequences of the implementation of new ICT systems and functions on the current business structure and organisational procedures.
Record the project planning and development, the work steps, the required resources and the final results in order to present and keep track of the realised and ongoing projects.
Maintain an effective internal communication system among employees and department managers.
Create and manage one or multiple digital identities, be able to protect one's own reputation, deal with the data that one produces through several digital tools, environments and services.
Detect and correct corrupt records from data sets, ensure that the data become and remain structured according to guidelines.
Manage and plan various resources, such as human resources, budget, deadline, results, and quality necessary for a specific project, and monitor the project's progress in order to achieve a specific goal within a set time and budget.
Provide support and solutions to managers and directors with regard to their business needs and requests for the running of a business or the daily operations of a business unit.
Compose work-related reports that support effective relationship management and a high standard of documentation and record keeping. Write and present results and conclusions in a clear and intelligible way so they are comprehensible to a non-expert audience.