A large regional institution for higher education was highly aware of their responsibility for proper processing of personal data from all students and employees. Changes in ICT-facilities were an important impulse for the desire to improve on information security and raise awareness.
Audittrail was requested to perform a baseline status assessment in 2017 for both privacy and InfoSec to prepare for the impact of the GDPR legislation that was coming. The results from this assessment were used to gain insight in the risks involved and make recommendations on the necessary improvements to become GDPR secure and compliant. As a result, starting 2018 an Audittrail DPO was appointed. Simultaneously, Audittrail took on the role as project leader for the Taskforce IBP (InfoSec and Privacy), and to set up and execute a long-term awareness strategy.
- Baseline status assessment privacy and information security.
- Taskforce IBP and awareness campaign
- DPO continued